This semester, we have a lecture called IT Security by a guy, who absolutely know his subject.
Nevertheless, he wanted to show us that sha256 is broken by an existing collision. (Google that, fellow ranters!)
There are two pdf files by google researchers, that show the caption „SHAttered“ both on different backgrounds, although they give the same SHA-hash.
He then tried to share us these two files by moodle and wondered, why he uploaded the same file twice.
Guess what happened? The moodle backend checks new uploaded files for their ... hash ... and then decides, weather to upload or the file is already existing. So, it did just a new symlink to the old file.
Ironic, that an exercise, that should show us sha collision failures on sha collision 😃

  • 4
    He probably did that on purpose.
  • 3
    I think you meant to say SHA-1 collition, that is the one that was found this year, SHA-2 hasnt being "broken" yet last time I checked
  • 5
    Sha256 is already broken?
    You sure you don’t mean sha1?

    I guess sha512 here I come
  • 3
    But then again if you were targetted by someone with that amount of power, they could simply DDoS you constantly, that is assuming you didnt bother salting at least your hashes if you arent using any of the other hashing algos
  • 1
    @notcool Yes, correct, it was SHA-1.

    I don‘t think, that he did that on purpose. Only after a few minutes of thinking, the idea was born, that we already have an collision in the moodle
    system 😃
Add Comment