NiNi's Den


Word count: 199Reading time: 1 min
2017/12/18 Share

I will add write-up of printf machine in next few day.

SHA-1 is dead - 100 point

SHA-1 is dead
Upload two files satisfy following conditions:

file1 != file2
SHA1(file1) == SHA1(file2)
SHA256(file1) <> SHA256(file2)
2017KiB < sizeof(file1) < 2018KiB
2017KiB < sizeof(file2) < 2018KiB
* 1KiB = 1024 bytes

Just download sha1 collision pdf made by Google, then concatenate it with something.
Actually we don’t need to check the result of SHA-256 of two pdf……
Maybe wa can find a SHA-256 collision?

import requests
import urllib2
from hashlib import sha1
from hashlib import sha256
import urllib

pdf1 = urllib2.urlopen("").read()[:500]
pdf2 = urllib2.urlopen("").read()[:500]

pdf1 = pdf1.ljust( 2065409, "\00") #padding pdf to 2017Kib + 1
pdf2 = pdf2.ljust( 2065409, "\00")

while True:
check1 = sha256(pdf1).hexdigest()
check2 = sha256(pdf2).hexdigest()
if check1 != check2:
pdf1 = pdf1+"\00"
pdf2 = pdf2+"\00"

file1 = open("upload1","w")
file2 = open("upload2","w")

print sha1(pdf1).hexdigest()
print sha1(pdf2).hexdigest()
print sha256(pdf1).hexdigest()
print sha256(pdf2).hexdigest()
print len(pdf1)
print len(pdf2)

Original Author: Terrynini

Original link:

Publish at: December 18th 2017, 8:39:47

Copyright: This article is licensed under CC BY-NC 4.0