A pin maybe found in a haystack

Ed Felten spreads a SHA-1 hash collision rumor.

Eric Rescorla does a good job of explaining that even if true, a collision is not of great practical import.

Why? Most uses of SHA-1, including Bitzi, rely on the practical impossibility of finding content that will generate a specific hash.

A collision merely means that two pieces of content (“messages” in crypto-speak) have been found that generate the same arbitrary hash.

For reasons that aren’t all that intuitive, it is much harder to find a specific match than an arbitrary collision.

I think in day-to-day experience a good analogue would be this: it’s pretty easy to find odd coincidences if you look. If you know how to conjure up specific odd coincidences on demand, tell me.

All that said, Bitzi also uses the Tiger hash, which is not from the same family as SHA-1, as an insurance policy among other things.

Disclaimer: I am not a crypto expert. If true, this rumor may be huge news for crypto theorists.
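To make the gap between "a specific match" and "an arbitrary collision" concrete, here is an added example (not part of the original post, and not Bitzi code) that runs both searches by brute force against SHA-1 truncated to 16 bits. The truncation, the function names, and the sample messages are assumptions made so the searches finish in seconds; real SHA-1 output is 160 bits.

```python
import hashlib
from itertools import count

BITS = 16  # assumption: truncated output so brute force is feasible


def h(msg: bytes, bits: int = BITS) -> int:
    """SHA-1 of msg, keeping only the top `bits` bits of the 160-bit digest."""
    digest = hashlib.sha1(msg).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def find_collision(bits: int = BITS):
    """Arbitrary collision: any two distinct messages with the same hash.

    Every new message is compared against all earlier ones (birthday
    effect), so about sqrt(2**bits) messages are expected to be enough.
    """
    seen = {}  # hash value -> first message that produced it
    for i in count():
        msg = b"msg-%d" % i  # constructed sample messages
        value = h(msg, bits)
        if value in seen:
            return seen[value], msg, i + 1
        seen[value] = msg


def find_second_preimage(target_msg: bytes, bits: int = BITS):
    """Specific match: a different message hashing to the target's hash.

    Each guess matches one fixed value with probability 2**-bits, so
    about 2**bits guesses are expected.
    """
    target = h(target_msg, bits)
    for i in count():
        msg = b"try-%d" % i  # constructed candidate messages
        if msg != target_msg and h(msg, bits) == target:
            return msg, i + 1


if __name__ == "__main__":
    a, b, n_collision = find_collision()
    print(f"collision: {a!r} and {b!r} after {n_collision} hashes")
    m, n_match = find_second_preimage(b"the file everyone trusts")
    print(f"specific match: {m!r} after {n_match} hashes")
    print(f"expected orders of magnitude: {2 ** (BITS // 2)} vs {2 ** BITS}")
```

The same square-root gap at full width is why a 160-bit hash is expected to offer roughly 80 bits of collision resistance but 160 bits of resistance to finding a specific match.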

2 Responses

  1. Gordon Mohr says:

    Even if you can’t create a collision with a specific target hash, if you are able to create pairs of preimages with the same end hash, mischief is possible.

    For example, you create two files, one with something desirable, one with something undesirable (a trojan). You jiggle them both in insignificant ways until they match hashes. You then promote the desirable file, giving it (and its hash) a good reputation. (Perhaps, third parties have even reviewed and endorsed its contents.)

    Then, you release the trojan version, which can piggyback the good reputation of the first version to many more places than it would have otherwise reached.

    It’s not as bad as if a collision for arbitrary content could be found, but it still makes the hash function less-than-ideal for many purposes.

  2. […] A pin maybe found in a haystack and spreading rumors about things I don’t understand marks me as a foolish charlatan. Play traders seemed to briefly put the probability of the rumor at 50%, but were quickly disillusioned. Similarly in early 2007 and almost no appetite for guessing lately. […]
