[vbitz]

This is just the first 320 bytes of the original shattered. They just cut off the rest of the PDF data.

[re]

Yes. It also isn't the "second" sha-1 collision, by any means -- you could already trivially use the prefix and colliding blocks from the shattered example and append any suffix you want to generate more collisions: https://news.ycombinator.com/item?id=13723892

A true second collision wouldn't start with the same 320 bytes. A more interesting one might use fewer bits to achieve the collision.

[bawolff]

Lol, i wonder if this is the first example of someone using the inverse of the length extension attack to trick people

[SpicyLemonZest]

Does that... work? I guess so, but why does it work?

[tedunangst]

Once the two sha1 states are synchronized, after the first 320 bytes, they will remain in sync as long as you extend them with the same data. (BTW This is why hmac exists, to prevent extension attacks.)