Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to create a forged file which has the same checksums using two different algorithms?

I was a bit inspired by this blog entry http://blogs.technet.com/dmelanchthon/archive/2009/07/23/windows-7-rtm.aspx (German)

The current notion is that md5 and sha1 are both somewhat broken. Not easily and fast, but at least for md5 in the range of a practical possibility. (I'm not at all a crypto expert, so maybe I'm wrong in stuff like that).

So I asked myself if it would be possible to create a file A' which has the same size, the same md5 sum, and the same sha1 sum as the original file A.

First, would it be possible at all?

Second, would it be possible in reality, with current hardware/software?

If not, wouldn't be the easiest way to provide assurance of the integrity of a file to use always two different algorithms, even if they have some kind of weakness?

Updated:

Just to clarify: the idea is to have a file A and a file A' which fullfills the conditions:

size(A) == size(A') && md5sum(A) == md5sum(A') && sha1sum(A) == sha1sum(A')
like image 502
Mauli Avatar asked Jul 24 '09 12:07

Mauli


People also ask

Can two files generate same checksum?

Generally, two files can have the same md5 hash only if their contents are exactly the same. Even a single bit of variation will generate a completely different hash value. There is one caveat, though: An md5 sum is 128 bits (16 bytes).

Can same file have different checksum?

It is possible that different files have the same checksum (in fact, since there are a finite number of checksums but an infinite number of possible files, there must be an infinite number of different files that have the same checksum). But it is not possible for identical files to have different checksums.

Can two different hashes be the same?

In computer science, a hash collision is a random match in hash values that occurs when a hashing algorithm produces the same hash value for two distinct pieces of data.

Can two different string have same hash?

It may be possible that two different strings have the same hash values. This may occur because we take modulo 'M' in the final hash value. In that case, two different strings may have the same hash values, called a collision.


1 Answers

"Would it be possible at all?" - yes, if the total size of the checksums is smaller than the total size of the file, it is impossible to avoid collisions.

"would it be possible in reality, with current hardware/software?" - if it is feasible to construct a text to match a given checksum for each of the checksums in use, then yes.

See wikipedia on concatenation of cryptographic hash functions, which is also a useful term to google for.

From that page:

"However, for Merkle-Damgård hash functions, the concatenated function is only as strong as the best component, not stronger. Joux noted that 2-collisions lead to n-collisions: if it is feasible to find two messages with the same MD5 hash, it is effectively no more difficult to find as many messages as the attacker desires with identical MD5 hashes. Among the n messages with the same MD5 hash, there is likely to be a collision in SHA-1. The additional work needed to find the SHA-1 collision (beyond the exponential birthday search) is polynomial. This argument is summarized by Finney."

like image 178
moonshadow Avatar answered Sep 20 '22 13:09

moonshadow