Last active
October 22, 2015 15:36
-
-
Save natmchugh/900f70cd0162531890bc to your computer and use it in GitHub Desktop.
This is a 2 block collision in sha0 from work New Disturbance Vector for SHA-0 Collision* by SHUANG WU, DENG-GUO FENG AND WEN-LING WU downloaded here http://www.iis.sinica.edu.tw/page/jise/2010/201011_13.pdf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import struct, binascii | |
def _left_rotate(n, b): | |
return ((n << b) | (n >> (32 - b))) & 0xffffffff | |
def sha0(message): | |
IV = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0] | |
# Initialize variables: | |
(h0, h1, h2, h3, h4) = IV | |
# Pre-processing: | |
original_byte_len = len(message) | |
original_bit_len = original_byte_len * 8 | |
# append the bit '1' to the message | |
# message += b'\x80' | |
# append 0 <= k < 512 bits '0', so that the resulting message length (in bits) | |
# is congruent to 448 (mod 512) | |
# message += b'\x00' * ((56 - (original_byte_len + 1) % 64) % 64) | |
# append length of message (before pre-processing), in bits, as 64-bit big-endian integer | |
# message += struct.pack(b'>Q', original_bit_len) | |
# Process the message in successive 512-bit chunks: | |
# break message into 512-bit chunks | |
for i in range(0, len(message), 64): | |
w = [0] * 80 | |
# break chunk into sixteen 32-bit big-endian words w[i] | |
for j in range(16): | |
w[j] = struct.unpack(b'>I', message[i + j*4:i + j*4 + 4])[0] | |
# Extend the sixteen 32-bit words into eighty 32-bit words: | |
for j in range(16, 80): | |
w[j] = w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16] | |
# Initialize hash value for this chunk: | |
a = h0 | |
b = h1 | |
c = h2 | |
d = h3 | |
e = h4 | |
for i in range(80): | |
if 0 <= i <= 19: | |
# Use alternative 1 for f from FIPS PB 180-1 to avoid ~ | |
f = d ^ (b & (c ^ d)) | |
k = 0x5A827999 | |
elif 20 <= i <= 39: | |
f = b ^ c ^ d | |
k = 0x6ED9EBA1 | |
elif 40 <= i <= 59: | |
f = (b & c) | (b & d) | (c & d) | |
k = 0x8F1BBCDC | |
elif 60 <= i <= 79: | |
f = b ^ c ^ d | |
k = 0xCA62C1D6 | |
a, b, c, d, e = ((_left_rotate(a, 5) + f + e + k + w[i]) & 0xffffffff, | |
a, _left_rotate(b, 30), c, d) | |
# sAdd this chunk's hash to result so far: | |
h0 = (h0 + a) & 0xffffffff | |
h1 = (h1 + b) & 0xffffffff | |
h2 = (h2 + c) & 0xffffffff | |
h3 = (h3 + d) & 0xffffffff | |
h4 = (h4 + e) & 0xffffffff | |
# Produce the final hash value (big-endian): | |
return '%08x%08x%08x%08x%08x' % (h0, h1, h2, h3, h4) | |
m0 = binascii.unhexlify('efc04714ab491d35bd45f430fd07cb8fcace957fdc873c5c7e905ef5b08afc59488377cee9ff32fafc7321f54f9e5c9e08dd0c3c7884fe769096f48955af0e5b') | |
m1 = binascii.unhexlify('e2c2cfbdbd71e03158fc4572d0b7df9c34b3e5030e358632d96cb5526ecbe1ee1e88ccc61e1df6d644a312a076be213147ddf448d5fc3baabf320328c1abbeb7') | |
m1prime = binascii.unhexlify('e2c2cfbf3d71e03358fc453050b7dfdeb4b3e5030e358672d96cb5506ecbe1ee9e88ccc69e1df6d444a312e076be2131c7ddf40855fc3baabf32036841abbeb7') | |
hash1 = sha0(m0+m1) | |
print hash1 | |
hash2 = sha0(m0+m1prime) | |
print hash2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Output:
7fb66613141b635e4ece6e4cb4eb695cfc7200ca
7fb66613141b635e4ece6e4cb4eb695cfc7200ca