Is it possible for someone to fake a SHA1 hash?

Discussion in 'Windows 8' started by boxr, Feb 25, 2013.

  1. boxr

    boxr MDL Junior Member

    #1 boxr, Feb 25, 2013
    Last edited: Feb 26, 2013
    When downloading an ISO, is it possible for someone to have altered it and then rebuilt it to have the correct SHA1 hash number?
     
  2. pisthai

    pisthai Imperfect Human

    Short answer: NO!
     
  3. Tito

    Tito Super Mod / Adviser
    Staff Member

  4. pisthai

    pisthai Imperfect Human

    Can it? I hardly believe that! As Photoshop'ed: YES! But real? NO!

    Using a minimum of 2 or even 3 different apps, you would normally get the same result, and if that is the same as the original as well, it means you're good!

    Changing just 1 letter in one file and keeping the size exactly the same, the checksum will differ! And we are talking about comparing with the checksums from MS, which is using SHA-1 instead of CRC!
     
  5. Tito

    Tito Super Mod / Adviser
    Staff Member

    #5 Tito, Feb 25, 2013
    Last edited: Feb 25, 2013
  6. pisthai

    pisthai Imperfect Human

  7. I966

    I966 MDL Junior Member

    NO for sure.
    It is just a myth. Each char in ASCII code has its own definition: "A" is not the same as "a",
    so if only one char has been changed the hash will not be the same.
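
The check described in the posts above (compare the download's SHA-1 with the publisher's value; a one-letter change at the same size alters the checksum), as an added example that is not code from any poster in this thread. The function names and the sample bytes are assumptions made for illustration; the sample data is constructed and stands in for a real ISO.

```python
import hashlib
import hmac
import io
import zlib

def digests(stream, chunk=1 << 20):
    """Read the stream once, in chunks, and return size plus three checksums."""
    sha1, sha256, crc, size = hashlib.sha1(), hashlib.sha256(), 0, 0
    while block := stream.read(chunk):
        sha1.update(block)
        sha256.update(block)
        crc = zlib.crc32(block, crc)
        size += len(block)
    return {"size": size, "crc32": f"{crc:08x}",
            "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}

def matches_published(stream, published_sha1):
    """True only if the stream's SHA-1 equals the value copied from the publisher."""
    want = "".join(published_sha1.split()).lower()   # tolerate spaces and upper case
    if len(want) != 40 or any(c not in "0123456789abcdef" for c in want):
        raise ValueError("not a complete SHA-1 value (40 hex digits expected)")
    return hmac.compare_digest(digests(stream)["sha1"], want)

def differing_bits(hex_a, hex_b):
    """Number of bit positions in which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

# Constructed sample data standing in for a downloaded image (not a real ISO).
ORIGINAL = b"CONSTRUCTED SAMPLE IMAGE " + b"A" * 4096
TAMPERED = ORIGINAL[:100] + b"a" + ORIGINAL[101:]       # one 'A' -> 'a', same length
PUBLISHED = hashlib.sha1(ORIGINAL).hexdigest().upper()  # stands in for the publisher's list

def demo():
    good, bad = digests(io.BytesIO(ORIGINAL)), digests(io.BytesIO(TAMPERED))
    return {
        "same_size": good["size"] == bad["size"],
        "changed": sorted(k for k in good if good[k] != bad[k]),
        "sha1_bits_flipped": differing_bits(good["sha1"], bad["sha1"]),
        "original_ok": matches_published(io.BytesIO(ORIGINAL), PUBLISHED),
        "tampered_ok": matches_published(io.BytesIO(TAMPERED), PUBLISHED),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For a real download, open the file with `open(path, "rb")` and pass it to `matches_published` together with the SHA-1 value taken from the publisher's own listing, not from the site that served the file.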
     
  8. boxr

    boxr MDL Junior Member

    Not sure how this thread got to CRC when I was talking about the hash value, but thanks all. :)
     
  9. Fraggy

    Fraggy MDL Addicted

    Very hard, but it might be possible with collisions.
     
  10. BigW

    BigW MDL Member

    Practically, in the near future (at least next 5-10 years), no. Theoretically every hash and any cryptology could be cracked. The only limiting factor is the available computing power and the time it takes to break it. The best hash algorithms these days would take a few thousand ordinary PCs several thousand years to break.
     
  11. boxr

    boxr MDL Junior Member

    Thanks, I will have a read of it later when I get back in.
     
  12. Tito

    Tito Super Mod / Adviser
    Staff Member

    boxr hasn't mentioned any specific algorithm. So I just give two examples using (Auto)CRC and MD5.

    CRC is also a hash algorithm.

    Yes, I just want to post some information with examples.

    :rolleyes:
     
  13. pisthai

    pisthai Imperfect Human

    You're right, he hasn't! But as we were talking about MS software, we had to talk about SHA-1 because MS is using just that! And I do believe they know well WHY!

    Anyway, it wasn't any offence from my side, just a direct pointing to the fact.
     
  14. Tito

    Tito Super Mod / Adviser
    Staff Member

    Is it??

    ;) :D
     
  15. vymrdal

    vymrdal MDL Novice

    #17 vymrdal, Feb 25, 2013
    Last edited: Feb 25, 2013
    @OP: Yeah, the evil hax0rz have spent a couple of months using a worldwide cluster of machines to produce an SHA1 collision on MS DVDs so that they could fool you. It was much easier than uploading a "110% permanent W8 Activator" on TPB or alike site. :p
     
  16. I966

    I966 MDL Junior Member

    :)
    That's really a good POINT !!
     
  17. boxr

    boxr MDL Junior Member

    Changed topic and 1st post to avoid confusion. :)
     
  18. murphy78

    murphy78 MDL DISM Enthusiast

    I found this topic curious as I do a bit of torrenting. After reading a bit on the internet from different sites, I can say fairly confidently that faking a SHA-1 for file purposes is nearly impossible.
    A lot of the sites I visited went on about collisions, which kinda made my eyes glaze over, but some did refer to actual hacking attempts. There are people who can hack these things, but it's not something you'd ever run into unless you run a bank or a national security server.

    The kind of hacking these guys do on this is to get password data from stuff like hashed bank accounts, etc. This is not really a suitable option for creating a file. The reason it's not is that these functions are all unidirectional. You can't run them very well from reverse. It's possible, given enough time and computing power, but not very likely at all. Any real life hacking attempt would be better served by sending over a prostitute with a flash drive.
    Also, since they're one-directional functions, although not impossible, very often any matches would be vastly different in size.

    Bob: "I sent you the file, hash is sd98f7sd9f87sdf987sd9f87s9df"
    Ted: "Why on earth is it 87gigabytes? I thought it was an mp3???"

    So no, not gonna happen without full government funding and supercomputers etc...
     