{"id":13644218,"url":"https://github.com/cr-marcstevens/sha1collisiondetection","last_synced_at":"2025-05-15T18:11:21.379Z","repository":{"id":39600116,"uuid":"79266540","full_name":"cr-marcstevens/sha1collisiondetection","owner":"cr-marcstevens","description":"Library and command line tool to detect SHA-1 collision in a file","archived":false,"fork":false,"pushed_at":"2024-07-24T03:27:06.000Z","size":610,"stargazers_count":1342,"open_issues_count":15,"forks_count":192,"subscribers_count":64,"default_branch":"master","last_synced_at":"2025-04-03T23:08:22.330Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cr-marcstevens.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-01-17T20:02:49.000Z","updated_at":"2025-04-03T08:52:11.000Z","dependencies_parsed_at":"2024-08-02T01:18:04.499Z","dependency_job_id":null,"html_url":"https://github.com/cr-marcstevens/sha1collisiondetection","commit_stats":{"total_commits":84,"total_committers":14,"mean_commits":6.0,"dds":0.6547619047619048,"last_synced_commit":"b4a7b0b157d08609cbe66ddf919b2aa86c3f16b2"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr-marcstevens%2Fsha1collisiondetection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr-marcstevens%2Fsha1collisiondetection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr-marcstevens%2Fsha1collisiondetection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr-marcstevens%2Fsha1collisiondetection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cr-marcstevens","download_url":"https://codeload.github.com/cr-marcstevens/sha1collisiondetection/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248489237,"owners_count":21112535,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T01:01:59.282Z","updated_at":"2025-04-11T22:29:25.740Z","avatar_url":"https://github.com/cr-marcstevens.png","language":"C","funding_links":[],"categories":["Cryptography","C"],"sub_categories":[],"readme":"# sha1collisiondetection\nLibrary and command line tool to detect SHA-1 collisions in files\n\nCopyright 2017 Marc Stevens \u003cmarc@marc-stevens.nl\u003e\n\nDistributed under the MIT Software License.\n\nSee accompanying file LICENSE.txt or copy at https://opensource.org/licenses/MIT.\n\n## Developers\n\n- Marc Stevens, CWI Amsterdam (https://marc-stevens.nl)\n- Dan Shumow, Microsoft Research (https://www.microsoft.com/en-us/research/people/danshu/)\n\n## About\nThis library and command line tool were designed as near drop-in replacements for common SHA-1 libraries and sha1sum.\nThey will compute the SHA-1 hash of any given file and additionally will detect cryptanalytic collision attacks against SHA-1 present in each file. It is very fast and takes less than twice the amount of time as regular SHA-1.\n\nMore specifically they will detect any cryptanalytic collision attack against SHA-1 using any of the top 32 SHA-1 disturbance vectors with probability 1:\n```\n    I(43,0), I(44,0), I(45,0), I(46,0), I(47,0), I(48,0), I(49,0), I(50,0), I(51,0), I(52,0),\n    I(46,2), I(47,2), I(48,2), I(49,2), I(50,2), I(51,2),\n    II(45,0), II(46,0), II(47,0), II(48,0), II(49,0), II(50,0), II(51,0), II(52,0), II(53,0), II(54,0), II(55,0), II(56,0),\n    II(46,2), II(49,2), II(50,2), II(51,2)\n```\nThe possibility of false positives can be neglected as the probability is smaller than 2^-90.\n\nThe library supports both an indicator flag that applications can check and act on, as well as a special _safe-hash_ mode that returns the real SHA-1 hash when no collision was detected and a different _safe_ hash when a collision was detected.\nColliding files will have the same SHA-1 hash, but will have different unpredictable safe-hashes.\nThis essentially enables protection of applications against SHA-1 collisions with no further changes in the application, e.g., digital signature forgeries based on SHA-1 collisions automatically become invalid.\n\nFor the theoretical explanation of collision detection see the award-winning paper on _Counter-Cryptanalysis_:\n\nCounter-cryptanalysis, Marc Stevens, CRYPTO 2013, Lecture Notes in Computer Science, vol. 8042, Springer, 2013, pp. 129-146,\nhttps://marc-stevens.nl/research/papers/C13-S.pdf\n\n## Compiling\n\nRun:\n```\nmake\n```\n\n## Command-line usage\n\nThere are two programs `bin/sha1dcsum` and `bin/sha1dcsum_partialcoll`.\nThe first program `bin/sha1dcsum` will detect and warn for files that were generated with a cryptanalytic SHA-1 collision attack,\nlike the one documented at https://shattered.io/ as well as the later derived attack https://sha-mbles.github.io/.\nThe second program `bin/sha1dcsum_partialcoll` will detect and warn for files that were generated with a cryptanalytic collision attack against reduced-round SHA-1 (of which there are a few examples so far).\n\nExamples:\n```\nbin/sha1dcsum test/sha1_reducedsha_coll.bin test/shattered-1.pdf\nbin/sha1dcsum_partialcoll test/sha1reducedsha_coll.bin test/shattered-1.pdf\npipe_data | bin/sha1dcsum -\n```\n\n## Library usage\n\nSee the documentation in `lib/sha1.h`. Here is a simple example code snippet:\n```\n#include \u003csha1dc/sha1.h\u003e\n\nSHA1_CTX ctx;\nunsigned char hash[20];\nSHA1DCInit(\u0026ctx);\n\n/** disable safe-hash mode (safe-hash mode is enabled by default) **/\n// SHA1DCSetSafeHash(\u0026ctx, 0);\n/** disable use of unavoidable attack conditions to speed up detection (enabled by default) **/\n// SHA1DCSetUseUBC(\u0026ctx, 0); \n\nSHA1DCUpdate(\u0026ctx, buffer, (unsigned)(size));\n\nint iscoll = SHA1DCFinal(hash,\u0026ctx);\nif (iscoll)\n    printf(\"collision detected\");\nelse\n    printf(\"no collision detected\");\n```\n\n## Inclusion in other programs\n\nIn order to make it easier to include these sources in other project\nthere are several preprocessor macros that the code uses. Rather than\ncopy/pasting and customizing or specializing the code, first see if\nsetting any of these defines appropriately will allow you to avoid\nmodifying the code yourself.\n\n- SHA1DC_NO_STANDARD_INCLUDES\n\n Skips including standard headers. Use this if your project for\n whatever reason wishes to do its own header includes.\n\n- SHA1DC_CUSTOM_INCLUDE_SHA1_C\n\n  Includes a custom header at the top of sha1.c. Usually this would be\n  set in conjunction with SHA1DC_NO_STANDARD_INCLUDES to point to a\n  header file which includes various standard headers.\n\n- SHA1DC_INIT_SAFE_HASH_DEFAULT\n\n  Sets the default for safe_hash in SHA1DCInit(). Valid values are 0\n  and 1. If unset 1 is the default.\n\n- SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C\n\n  Includes a custom trailer in sha1.c. Useful for any extra utility\n  functions that make use of the functions already defined in sha1.c.\n\n- SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H\n\n  Includes a custom trailer in sha1.h. Useful for defining the\n  prototypes of the functions or code included by\n  SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_C.\n\n- SHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C\n\n  Includes a custom header at the top of ubc_check.c.\n\n- SHA1DC_CUSTOM_TRAILING_INCLUDE_UBC_CHECK_C\n\n  Includes a custom trailer in ubc_check.c.\n\n- SHA1DC_CUSTOM_TRAILING_INCLUDE_UBC_CHECK_H\n\n  Includes a custom trailer in ubc_check.H.\n\nThis code will try to auto-detect certain things based on\nCPU/platform. Unless you're running on some really obscure CPU or\nporting to a new platform you should not need to tweak this. If you do\nplease open an issue at\nhttps://github.com/cr-marcstevens/sha1collisiondetection\n\n- SHA1DC_FORCE_LITTLEENDIAN / SHA1DC_FORCE_BIGENDIAN\n\n  Override the check for processor endianenss and force either\n  Little-Endian or Big-Endian.\n\n- SHA1DC_FORCE_UNALIGNED_ACCESS\n\n  Permit unaligned access. This will fail on e.g. SPARC processors, so\n  it's only permitted on a whitelist of processors. If your CPU isn't\n  detected as allowing this, and allows unaligned access, setting this\n  may improve performance (or make it worse, if the kernel has to\n  catch and emulate such access on its own).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcr-marcstevens%2Fsha1collisiondetection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcr-marcstevens%2Fsha1collisiondetection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcr-marcstevens%2Fsha1collisiondetection/lists"}