Hacker News new | ask | show | jobs
by TorKlingberg 3406 days ago
It seems so. I can add the same arbitrary data at the end of two pdfs generated by this tool, and they are still a collision. I didn't know SHA-1 is so susceptible to length extension. Is there no internal state in the algorithm that would be different even if the hash output is identical?
1 comments
danielweber 3406 days ago
If you were to somehow get two messages with the same SHA-3 hash, you could keep on appending the same data to both and they would keep the same SHA-3. But SHA-3 is explicitly not vulnerable to length extension attacks.
link
fivesigma 3406 days ago
No they wouldn't, since its internal state is different than the output.

Same goes for SHA-224 and SHA-384.

link
danielweber 3406 days ago
Damn, right, you have to get them with the same internal state.
link