Mfcttrf

Plotting octahedron inside the sphere and sphere inside the cube

Is it okay for a ticket seller in the USA to refuse to give you your change, keep it for themselves and claim it's a tip?

Do beef farmed pastures net remove carbon emissions?

TEMPO: play a sound in animated GIF/PDF/SVG

Can the ground attached to neutral fool a receptacle tester?

Heat equation: Squiggly lines

How to disable "Completion time:..." in SQL Server Messages window

Why does chown not work in RUN command in Docker?

How to reduce Sinas Chinam

If a digital camera can be "hacked" in the ransomware sense, how best to protect it?

Simplification of numbers

How can this older-style irrigation tee be replaced?

Are employers legally allowed to pay employees in goods and services equal to or greater than the minimum wage?

Normalization constant of a planar wave

How to describe accents?

Does the Fireball spell damage objects?

On math looking obvious in retrospect

Bitcoin successfully deducted on sender wallet but did not reach receiver wallet

How to divide item stack in MC PE?

Why command hierarchy, if the chain of command is standing next to each other?

Is it feasible to get a hash collision for CRC32, MD-5 and SHA-1 on one file?

Lengthened voiced stops and the airstream through the nose

How much maintenance time did it take to make an F4U Corsair ready for another flight?

How to retreive domain name from salesforce org

Is it feasible to get a hash collision for CRC32, MD-5 and SHA-1 on one file?

How hard is it to generate a simultaneous MD5 and SHA1 collision?Brute forcing CRC-32Is Dropbox's hashing method cryptographically secure?Is there a generic attack on encrypted CRC32 when used as a MAC?CRC32 vs. low 32 bits of cryptographic hashIntegrity compromised - HASH modifiedWould SHA-1 be safe for certificates with short validity?Checksum vs. non-cryptographic hashHow does the attack on MD5 work that allows a file to show its own (full) hash?How is it possible to detect “unknown SHA-1 cryptanalytic collision attacks given just a single file from a colliding file pair”?

1 Answer
1

active

oldest

votes

5

$begingroup$

Finding a simultaneous collision for all three would take the effort of approximately $2^72$ SHA-1 compression function evaluations.

The overall idea would be to take the general $2^67$ idea found in the answer to How hard is it to generate a simultaneous MD5 and SHA1 collision? and perform the attack 33 successive times (generating 33 places in the hash image where we can take either $X_i$ or $Y_i$ without affecting either the MD5 or SHA-1 hash).

That'll give us a total of $2^33$ images with all the same MD5 and SHA-1 hash; there must be a pair of images with the same CRC-32 value as well, and so that solves the problem.

Whether $2^72$ operations is in the realm of feasibility is another question entirely...

share|improve this answer

answered 9 hours ago

ponchoponcho

98.2k22 gold badges160160 silver badges258258 bronze badges

$endgroup$

• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  I was brought here by the curiosity of the question and I'm a bit hung up on the feasibility side. Yes it is technically possible but 2^72 is a number that my mind just spits back as "impossibly huge". Does this mean it is within the realms of a guy sitting in a basement with an old i3 box or is it all the computers in the world running until the eventual heat death of the universe?
  $endgroup$
  – Mokubai
  9 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  @Mokubai: it's probably closer to 'if the NSA (or possibly Goggle or Amazon) decide to devote all their assets on this one problem, they could probably do it in a not-unreasonable amount of time...'.
  $endgroup$
  – poncho
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  Okay, so it's within the realms of possibility of nation-state actors, but probably beyond your average malware or script-kiddie. That is unless he has a pretty large botnet... Not unreasonable to achieve, but probably costs far more than it is ever going to worth unless the target is a) incredibly paranoid (to be using/checking all three hashes) and b) extremely high value. Thank you for indulging my curiosity :)
  $endgroup$
  – Mokubai
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  $begingroup$
  The Bitcoin network has a hash rate of $2^72$ hashes every three days. It's more than one guy in a basement but far less than heat death of the universe. It's also probably far less than what the NSA could manage.
  $endgroup$
  – djao
  6 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  $begingroup$
  I was half expecting to see an answer of "Yeah, these two files."
  $endgroup$
  – Joshua
  2 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f72549%2fis-it-feasible-to-get-a-hash-collision-for-crc32-md-5-and-sha-1-on-one-file%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

5

$begingroup$

Finding a simultaneous collision for all three would take the effort of approximately $2^72$ SHA-1 compression function evaluations.

The overall idea would be to take the general $2^67$ idea found in the answer to How hard is it to generate a simultaneous MD5 and SHA1 collision? and perform the attack 33 successive times (generating 33 places in the hash image where we can take either $X_i$ or $Y_i$ without affecting either the MD5 or SHA-1 hash).

That'll give us a total of $2^33$ images with all the same MD5 and SHA-1 hash; there must be a pair of images with the same CRC-32 value as well, and so that solves the problem.

Whether $2^72$ operations is in the realm of feasibility is another question entirely...

share|improve this answer

answered 9 hours ago

ponchoponcho

98.2k22 gold badges160160 silver badges258258 bronze badges

$endgroup$

• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  I was brought here by the curiosity of the question and I'm a bit hung up on the feasibility side. Yes it is technically possible but 2^72 is a number that my mind just spits back as "impossibly huge". Does this mean it is within the realms of a guy sitting in a basement with an old i3 box or is it all the computers in the world running until the eventual heat death of the universe?
  $endgroup$
  – Mokubai
  9 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  @Mokubai: it's probably closer to 'if the NSA (or possibly Goggle or Amazon) decide to devote all their assets on this one problem, they could probably do it in a not-unreasonable amount of time...'.
  $endgroup$
  – poncho
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  Okay, so it's within the realms of possibility of nation-state actors, but probably beyond your average malware or script-kiddie. That is unless he has a pretty large botnet... Not unreasonable to achieve, but probably costs far more than it is ever going to worth unless the target is a) incredibly paranoid (to be using/checking all three hashes) and b) extremely high value. Thank you for indulging my curiosity :)
  $endgroup$
  – Mokubai
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  $begingroup$
  The Bitcoin network has a hash rate of $2^72$ hashes every three days. It's more than one guy in a basement but far less than heat death of the universe. It's also probably far less than what the NSA could manage.
  $endgroup$
  – djao
  6 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  $begingroup$
  I was half expecting to see an answer of "Yeah, these two files."
  $endgroup$
  – Joshua
  2 hours ago
  

  
  
  
  

add a comment | 

5

$begingroup$

Finding a simultaneous collision for all three would take the effort of approximately $2^72$ SHA-1 compression function evaluations.

The overall idea would be to take the general $2^67$ idea found in the answer to How hard is it to generate a simultaneous MD5 and SHA1 collision? and perform the attack 33 successive times (generating 33 places in the hash image where we can take either $X_i$ or $Y_i$ without affecting either the MD5 or SHA-1 hash).

That'll give us a total of $2^33$ images with all the same MD5 and SHA-1 hash; there must be a pair of images with the same CRC-32 value as well, and so that solves the problem.

Whether $2^72$ operations is in the realm of feasibility is another question entirely...

share|improve this answer

answered 9 hours ago

ponchoponcho

98.2k22 gold badges160160 silver badges258258 bronze badges

$endgroup$

• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  I was brought here by the curiosity of the question and I'm a bit hung up on the feasibility side. Yes it is technically possible but 2^72 is a number that my mind just spits back as "impossibly huge". Does this mean it is within the realms of a guy sitting in a basement with an old i3 box or is it all the computers in the world running until the eventual heat death of the universe?
  $endgroup$
  – Mokubai
  9 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  @Mokubai: it's probably closer to 'if the NSA (or possibly Goggle or Amazon) decide to devote all their assets on this one problem, they could probably do it in a not-unreasonable amount of time...'.
  $endgroup$
  – poncho
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  Okay, so it's within the realms of possibility of nation-state actors, but probably beyond your average malware or script-kiddie. That is unless he has a pretty large botnet... Not unreasonable to achieve, but probably costs far more than it is ever going to worth unless the target is a) incredibly paranoid (to be using/checking all three hashes) and b) extremely high value. Thank you for indulging my curiosity :)
  $endgroup$
  – Mokubai
  8 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  $begingroup$
  The Bitcoin network has a hash rate of $2^72$ hashes every three days. It's more than one guy in a basement but far less than heat death of the universe. It's also probably far less than what the NSA could manage.
  $endgroup$
  – djao
  6 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  $begingroup$
  I was half expecting to see an answer of "Yeah, these two files."
  $endgroup$
  – Joshua
  2 hours ago
  

  
  
  
  

add a comment | 

$begingroup$

Finding a simultaneous collision for all three would take the effort of approximately $2^72$ SHA-1 compression function evaluations.

The overall idea would be to take the general $2^67$ idea found in the answer to How hard is it to generate a simultaneous MD5 and SHA1 collision? and perform the attack 33 successive times (generating 33 places in the hash image where we can take either $X_i$ or $Y_i$ without affecting either the MD5 or SHA-1 hash).

That'll give us a total of $2^33$ images with all the same MD5 and SHA-1 hash; there must be a pair of images with the same CRC-32 value as well, and so that solves the problem.

Whether $2^72$ operations is in the realm of feasibility is another question entirely...

share|improve this answer

answered 9 hours ago

ponchoponcho

98.2k22 gold badges160160 silver badges258258 bronze badges

$endgroup$

share|improve this answer

answered 9 hours ago

ponchoponcho

98.2k22 gold badges160160 silver badges258258 bronze badges

answered 9 hours ago

ponchoponcho

98.2k22 gold badges160160 silver badges258258 bronze badges

answered 9 hours ago

ponchoponcho

98.2k22 gold badges160160 silver badges258258 bronze badges