When downloading an ISO is it possible for someone to have altered it and then rebuilt it to have the correct SHA1 hash number?
Can it? I hardly believe that! As Photoshop'ed: YES! But real? NO! Using min. 2 or even 3 different apps, and normally would get the same result, compared to the Original are the same as well, would mean you're good! Changing just 1 letter in one file and keep the size exactly the same, the checksum will differs! And we talking about to compare with the Checksums from MS which is using SHA-1 instead of CRC!
NO for sure it is just a Myth each char in ackii code has its own Definition "A" is not as "a" so if only one char has been channged the hash will not be the same
Pactically in the near future (at least next 5-10 years) no. Theoretical every hash and any cryptoligy could be cracked. The only limiting factor is the available computing power and the time it takes to break it. The best hash algorythmen this days would take a few thousond ordinary PCs several thousend years to break it.
boxr hasn't mentioned any specific algorithm. So I just give two examples using (Auto)CRC and MD5. CRC is also a hash algorithm. Yes, I just want to post some information with examples.
You're right, he hasn't! But as we were talking about MS Software, we'd to talk about SHA-1 because MS is using just that! And I do believe they know well WHY! Anyway it wasn't any offence from my site, just a direct pointing to fact.
@OP: Yeah, the evil hax0rz have spent a couple of months using a worldwide cluster of machines to produce an SHA1 collision on MS DVDs so that they could fool you. It was much easier than uploading a "110% permanent W8 Activator" on TPB or alike site.
I found this topic curious as I do a bit of torrenting. After reading a bit on the internet from different sites, I can say fairly confidently that faking a sha-1 for file purposes is nearly impossible. A lot of the sites I visited went on about collisions, which kinda made my eyes glaze over, but some did refer to actual hacking attempts. There are people who can hack these things, but it's not something you'd ever run into unless you run a bank or a national security server. The kind of hacking these guys do on this is to get password data from stuff like hashed bank accounts, etc. This is not really a suitable option for creating a file. The reason it's not is that these functions are all unidirectional. You can't run them very well from reverse. It's possible, given enough time and computing power, but not very likely at all. Any real life hacking attempt would be better served by sending over a prostitute with a flash drive. Also, since they're one-directional functions, although not impossible, very often any matches would be vastly different in size. Bob: "I sent you the file, hash is sd98f7sd9f87sdf987sd9f87s9df" Ted: "Why on earth is it 87gigabytes? I thought it was an mp3???" So no, not gonna happen without full government funding and supercomputers etc...