natmchugh/sha0_collsion.py

## sha0_collsion.py
import struct, binascii

def _left_rotate(n, b):
    return ((n << b) | (n >> (32 - b))) & 0xffffffff

def sha0(message):

    IV = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    # Initialize variables:
    (h0, h1, h2, h3, h4) = IV

    # Pre-processing:
    original_byte_len = len(message)
    original_bit_len = original_byte_len * 8
    # append the bit '1' to the message
    # message += b'\x80'

    # append 0 <= k < 512 bits '0', so that the resulting message length (in bits)
    #    is congruent to 448 (mod 512)
    # message += b'\x00' * ((56 - (original_byte_len + 1) % 64) % 64)

    # append length of message (before pre-processing), in bits, as 64-bit big-endian integer
    # message += struct.pack(b'>Q', original_bit_len)
    # Process the message in successive 512-bit chunks:
    # break message into 512-bit chunks
    for i in range(0, len(message), 64):
        w = [0] * 80
        # break chunk into sixteen 32-bit big-endian words w[i]
        for j in range(16):
            w[j] = struct.unpack(b'>I', message[i + j*4:i + j*4 + 4])[0]
        # Extend the sixteen 32-bit words into eighty 32-bit words:
        for j in range(16, 80):
            w[j] = w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16]

        # Initialize hash value for this chunk:
        a = h0
        b = h1
        c = h2
        d = h3
        e = h4

        for i in range(80):
            if 0 <= i <= 19:
                # Use alternative 1 for f from FIPS PB 180-1 to avoid ~
                f = d ^ (b & (c ^ d))
                k = 0x5A827999
            elif 20 <= i <= 39:
                f = b ^ c ^ d
                k = 0x6ED9EBA1
            elif 40 <= i <= 59:
                f = (b & c) | (b & d) | (c & d)
                k = 0x8F1BBCDC
            elif 60 <= i <= 79:
                f = b ^ c ^ d
                k = 0xCA62C1D6

            a, b, c, d, e = ((_left_rotate(a, 5) + f + e + k + w[i]) & 0xffffffff,
                            a, _left_rotate(b, 30), c, d)

        # sAdd this chunk's hash to result so far:
        h0 = (h0 + a) & 0xffffffff
        h1 = (h1 + b) & 0xffffffff
        h2 = (h2 + c) & 0xffffffff
        h3 = (h3 + d) & 0xffffffff
        h4 = (h4 + e) & 0xffffffff

    # Produce the final hash value (big-endian):
    return '%08x%08x%08x%08x%08x' % (h0, h1, h2, h3, h4)

m0 = binascii.unhexlify('efc04714ab491d35bd45f430fd07cb8fcace957fdc873c5c7e905ef5b08afc59488377cee9ff32fafc7321f54f9e5c9e08dd0c3c7884fe769096f48955af0e5b')
m1 = binascii.unhexlify('e2c2cfbdbd71e03158fc4572d0b7df9c34b3e5030e358632d96cb5526ecbe1ee1e88ccc61e1df6d644a312a076be213147ddf448d5fc3baabf320328c1abbeb7')
m1prime = binascii.unhexlify('e2c2cfbf3d71e03358fc453050b7dfdeb4b3e5030e358672d96cb5506ecbe1ee9e88ccc69e1df6d444a312e076be2131c7ddf40855fc3baabf32036841abbeb7')
hash1 = sha0(m0+m1)

print hash1

hash2 = sha0(m0+m1prime)

print hash2
	import struct, binascii

	def _left_rotate(n, b):
	return ((n << b) \| (n >> (32 - b))) & 0xffffffff

	def sha0(message):

	IV = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
	# Initialize variables:
	(h0, h1, h2, h3, h4) = IV

	# Pre-processing:
	original_byte_len = len(message)
	original_bit_len = original_byte_len * 8
	# append the bit '1' to the message
	# message += b'\x80'

	# append 0 <= k < 512 bits '0', so that the resulting message length (in bits)
	# is congruent to 448 (mod 512)
	# message += b'\x00' * ((56 - (original_byte_len + 1) % 64) % 64)

	# append length of message (before pre-processing), in bits, as 64-bit big-endian integer
	# message += struct.pack(b'>Q', original_bit_len)
	# Process the message in successive 512-bit chunks:
	# break message into 512-bit chunks
	for i in range(0, len(message), 64):
	w = [0] * 80
	# break chunk into sixteen 32-bit big-endian words w[i]
	for j in range(16):
	w[j] = struct.unpack(b'>I', message[i + j4:i + j4 + 4])[0]
	# Extend the sixteen 32-bit words into eighty 32-bit words:
	for j in range(16, 80):
	w[j] = w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16]

	# Initialize hash value for this chunk:
	a = h0
	b = h1
	c = h2
	d = h3
	e = h4

	for i in range(80):
	if 0 <= i <= 19:
	# Use alternative 1 for f from FIPS PB 180-1 to avoid ~
	f = d ^ (b & (c ^ d))
	k = 0x5A827999
	elif 20 <= i <= 39:
	f = b ^ c ^ d
	k = 0x6ED9EBA1
	elif 40 <= i <= 59:
	f = (b & c) \| (b & d) \| (c & d)
	k = 0x8F1BBCDC
	elif 60 <= i <= 79:
	f = b ^ c ^ d
	k = 0xCA62C1D6

	a, b, c, d, e = ((_left_rotate(a, 5) + f + e + k + w[i]) & 0xffffffff,
	a, _left_rotate(b, 30), c, d)

	# sAdd this chunk's hash to result so far:
	h0 = (h0 + a) & 0xffffffff
	h1 = (h1 + b) & 0xffffffff
	h2 = (h2 + c) & 0xffffffff
	h3 = (h3 + d) & 0xffffffff
	h4 = (h4 + e) & 0xffffffff

	# Produce the final hash value (big-endian):
	return '%08x%08x%08x%08x%08x' % (h0, h1, h2, h3, h4)

	m0 = binascii.unhexlify('efc04714ab491d35bd45f430fd07cb8fcace957fdc873c5c7e905ef5b08afc59488377cee9ff32fafc7321f54f9e5c9e08dd0c3c7884fe769096f48955af0e5b')
	m1 = binascii.unhexlify('e2c2cfbdbd71e03158fc4572d0b7df9c34b3e5030e358632d96cb5526ecbe1ee1e88ccc61e1df6d644a312a076be213147ddf448d5fc3baabf320328c1abbeb7')
	m1prime = binascii.unhexlify('e2c2cfbf3d71e03358fc453050b7dfdeb4b3e5030e358672d96cb5506ecbe1ee9e88ccc69e1df6d444a312e076be2131c7ddf40855fc3baabf32036841abbeb7')
	hash1 = sha0(m0+m1)

	print hash1

	hash2 = sha0(m0+m1prime)

	print hash2