This C program is an implementation of the
collision attack on SHA-0 of Xiaoyun Wang et al.
Warning: It may take weeks to find a collision on a
standard PC.
The meaning of the characters that are printed on
the screen while the program is running is the following. Interpret
each character as a hexadecimal digit (x). On the average, when
x has been printed 2x times, you should
expect a collision. E.g., you should expect to see 212 c's
before a collision is found.
You are free to modify and distribute the source code. All comments
are welcome at crypto<at>znoren·dk. Please
note that the program only produces correct results on 32-bit
little-endian systems.
This
message and this message collide in
SHA-0. Their common SHA-0 hash is
641b197e8c06201de3aef9cf23218e610bc7d710.
(This
collision was found in about 5 hours on a 2GHz notebook using the seed
1137080725, compiled with gcc-4.0 in Linux. Most collisions will take
considerably longer to find.)
Copyleft 2006 Søren Steffen Thomsen