https://github.com/cr-marcstevens/sha1collisiondetection Skip to content Sign up * Product + Features + Mobile + Actions + Codespaces + Copilot + Packages + Security + Code review + Issues + Integrations + GitHub Sponsors + Customer stories * Team * Enterprise * Explore + Explore GitHub + Learn and contribute + Topics + Collections + Trending + Skills + GitHub Sponsors + Open source guides + Connect with others + The ReadME Project + Events + Community forum + GitHub Education + GitHub Stars program * Marketplace * Pricing + Plans + Compare plans + Contact Sales + Education [ ] * # In this repository All GitHub | Jump to | * No suggested jump to results * # In this repository All GitHub | Jump to | * # In this user All GitHub | Jump to | * # In this repository All GitHub | Jump to | Sign in Sign up {{ message }} cr-marcstevens / sha1collisiondetection Public * Notifications * Fork 176 * Star 1.2k Library and command line tool to detect SHA-1 collision in a file License View license 1.2k stars 176 forks Star Notifications * Code * Issues 7 * Pull requests 7 * Actions * Projects 0 * Wiki * Security * Insights More * Code * Issues * Pull requests * Actions * Projects * Wiki * Security * Insights cr-marcstevens/sha1collisiondetection This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. master Switch branches/tags [ ] Branches Tags Could not load branches Nothing to show {{ refName }} default View all branches Could not load tags Nothing to show {{ refName }} default View all tags 2 branches 3 tags Code Latest commit @shumow shumow Merge pull request #63 from timgates42/bugfix_typo_embedded ... b4a7b0b Dec 9, 2020 Merge pull request #63 from timgates42/bugfix_typo_embedded docs: fix simple typo, embeded -> embedded b4a7b0b Git stats * 105 commits Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time lib docs: fix simple typo, embeded -> embedded Dec 6, 2020 src support reading from stdin May 8, 2017 test Documented SHA-mbles example colliding files Jan 9, 2020 vs2015 Turns up warning levels for visual studio build. Mar 31, 2017 .gitignore .gitignore: ignore lib/.depend/ and other .depend/ directories May 20, 2017 .travis.yml Updated Makefile and travisci Mar 5, 2017 LICENSE.txt CR fix Feb 21, 2017 Makefile Makefile: bumped library current version due to changed definition of... Mar 16, 2017 README.md Documented SHA-mbles example colliding files Jan 9, 2020 View code sha1collisiondetection Developers About Compiling Command-line usage Library usage Inclusion in other programs README.md sha1collisiondetection Library and command line tool to detect SHA-1 collisions in files Copyright 2017 Marc Stevens marc@marc-stevens.nl Distributed under the MIT Software License. See accompanying file LICENSE.txt or copy at https://opensource.org/ licenses/MIT. Developers * Marc Stevens, CWI Amsterdam (https://marc-stevens.nl) * Dan Shumow, Microsoft Research (https://www.microsoft.com/en-us/ research/people/danshu/) About This library and command line tool were designed as near drop-in replacements for common SHA-1 libraries and sha1sum. They will compute the SHA-1 hash of any given file and additionally will detect cryptanalytic collision attacks against SHA-1 present in each file. It is very fast and takes less than twice the amount of time as regular SHA-1. More specifically they will detect any cryptanalytic collision attack against SHA-1 using any of the top 32 SHA-1 disturbance vectors with probability 1: I(43,0), I(44,0), I(45,0), I(46,0), I(47,0), I(48,0), I(49,0), I(50,0), I(51,0), I(52,0), I(46,2), I(47,2), I(48,2), I(49,2), I(50,2), I(51,2), II(45,0), II(46,0), II(47,0), II(48,0), II(49,0), II(50,0), II(51,0), II(52,0), II(53,0), II(54,0), II(55,0), II(56,0), II(46,2), II(49,2), II(50,2), II(51,2) The possibility of false positives can be neglected as the probability is smaller than 2^-90. The library supports both an indicator flag that applications can check and act on, as well as a special safe-hash mode that returns the real SHA-1 hash when no collision was detected and a different safe hash when a collision was detected. Colliding files will have the same SHA-1 hash, but will have different unpredictable safe-hashes. This essentially enables protection of applications against SHA-1 collisions with no further changes in the application, e.g., digital signature forgeries based on SHA-1 collisions automatically become invalid. For the theoretical explanation of collision detection see the award-winning paper on Counter-Cryptanalysis: Counter-cryptanalysis, Marc Stevens, CRYPTO 2013, Lecture Notes in Computer Science, vol. 8042, Springer, 2013, pp. 129-146, https:// marc-stevens.nl/research/papers/C13-S.pdf Compiling Run: make Command-line usage There are two programs bin/sha1dcsum and bin/sha1dcsum_partialcoll. The first program bin/sha1dcsum will detect and warn for files that were generated with a cryptanalytic SHA-1 collision attack, like the one documented at https://shattered.io/ as well as the later derived attack https://sha-mbles.github.io/. The second program bin/ sha1dcsum_partialcoll will detect and warn for files that were generated with a cryptanalytic collision attack against reduced-round SHA-1 (of which there are a few examples so far). Examples: bin/sha1dcsum test/sha1_reducedsha_coll.bin test/shattered-1.pdf bin/sha1dcsum_partialcoll test/sha1reducedsha_coll.bin test/shattered-1.pdf pipe_data | bin/sha1dcsum - Library usage See the documentation in lib/sha1.h. Here is a simple example code snippet: #include SHA1_CTX ctx; unsigned char hash[20]; SHA1DCInit(&ctx); /** disable safe-hash mode (safe-hash mode is enabled by default) **/ // SHA1DCSetSafeHash(&ctx, 0); /** disable use of unavoidable attack conditions to speed up detection (enabled by default) **/ // SHA1DCSetUseUBC(&ctx, 0); SHA1DCUpdate(&ctx, buffer, (unsigned)(size)); int iscoll = SHA1DCFinal(hash,&ctx); if (iscoll) printf("collision detected"); else printf("no collision detected"); Inclusion in other programs In order to make it easier to include these sources in other project there are several preprocessor macros that the code uses. Rather than copy/pasting and customizing or specializing the code, first see if setting any of these defines appropriately will allow you to avoid modifying the code yourself. * SHA1DC_NO_STANDARD_INCLUDES Skips including standard headers. Use this if your project for whatever reason wishes to do its own header includes. * SHA1DC_CUSTOM_INCLUDE_SHA1_C Includes a custom header at the top of sha1.c. Usually this would be set in conjunction with SHA1DC_NO_STANDARD_INCLUDES to point to a header file which includes various standard headers. * SHA1DC_INIT_SAFE_HASH_DEFAULT Sets the default for safe_hash in SHA1DCInit(). Valid values are 0 and 1. If unset 1 is the default. * SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C Includes a custom trailer in sha1.c. Useful for any extra utility functions that make use of the functions already defined in sha1.c. * SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H Includes a custom trailer in sha1.h. Useful for defining the prototypes of the functions or code included by SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C. * SHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C Includes a custom header at the top of ubc_check.c. * SHA1DC_CUSTOM_TRAILING_INCLUDE_UBC_CHECK_C Includes a custom trailer in ubc_check.c. * SHA1DC_CUSTOM_TRAILING_INCLUDE_UBC_CHECK_H Includes a custom trailer in ubc_check.H. This code will try to auto-detect certain things based on CPU/ platform. Unless you're running on some really obscure CPU or porting to a new platform you should not need to tweak this. If you do please open an issue at https://github.com/cr-marcstevens/ sha1collisiondetection * SHA1DC_FORCE_LITTLEENDIAN / SHA1DC_FORCE_BIGENDIAN Override the check for processor endianenss and force either Little-Endian or Big-Endian. * SHA1DC_FORCE_UNALIGNED_ACCESS Permit unaligned access. This will fail on e.g. SPARC processors, so it's only permitted on a whitelist of processors. If your CPU isn't detected as allowing this, and allows unaligned access, setting this may improve performance (or make it worse, if the kernel has to catch and emulate such access on its own). About Library and command line tool to detect SHA-1 collision in a file Resources Readme License View license Stars 1.2k stars Watchers 52 watching Forks 176 forks Releases 3 stable-v1.0.3 Latest Mar 27, 2017 + 2 releases Packages 0 No packages published Contributors 12 * @cr-marcstevens * @shumow * @avar * @muellermartin * @n-soda * @andreasstieger * @jwilk * @danshumow-msft * @jsha * @michael-o * @lidl * @timgates42 Languages * C 95.6% * Makefile 4.4% * (c) 2022 GitHub, Inc. * Terms * Privacy * Security * Status * Docs * Contact GitHub * Pricing * API * Training * Blog * About You can't perform that action at this time. You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.