Cracking SHA1(linkedin)
#11
Yes the odds of that happening are 1 in (2^(160-20 bits)) = 1/2^140 ~ 1 in 1.39e42

Yet it seems someone may have discovered such a collision:


source: https://www.win.tue.nl/~aeb/linux/john/john.html
"LinkedIn hashes:
After the release of 6.5 million LinkedIn hashes, a patch JtR-Jumbo-5-LinkedIn-SHA1.diff for john was published that handles the raw-sha1_li format of SHA1 with the first twenty bits zeroed. Be careful:

% echo -n sunshine09 | shasum
3b1787e7bd710592ee36264a72d6aa35c2d165f9 -
% grep `echo -n sunshine09 | shasum | cut -c6-40` combo_not.txt
a96807e7bd710592ee36264a72d6aa35c2d165f9
000007e7bd710592ee36264a72d6aa35c2d165f9

Here ‘sunshine09’ is a password that fits the second, but not the first hash. (If the first hash is an actual password hash, this is a very remarkable coincidence: a 140-bit SHA1 near-collision.) By mistake the formats raw-sha1 and raw-sha1_li are both labeled dynamic_26."
Reply


Messages In This Thread
Cracking SHA1(linkedin) - by whabikhazri - 08-10-2020, 05:41 PM
RE: Cracking SHA1(linkedin) - by royce - 08-10-2020, 05:45 PM
RE: Cracking SHA1(linkedin) - by whabikhazri - 08-10-2020, 07:05 PM
RE: Cracking SHA1(linkedin) - by philsmd - 08-10-2020, 07:07 PM
RE: Cracking SHA1(linkedin) - by royce - 08-10-2020, 08:45 PM
RE: Cracking SHA1(linkedin) - by whabikhazri - 08-11-2020, 01:43 AM
RE: Cracking SHA1(linkedin) - by philsmd - 08-11-2020, 09:57 AM
RE: Cracking SHA1(linkedin) - by whabikhazri - 08-11-2020, 05:25 PM
RE: Cracking SHA1(linkedin) - by mailmuncher2000 - 02-13-2021, 11:21 AM
RE: Cracking SHA1(linkedin) - by royce - 02-13-2021, 06:22 PM
RE: Cracking SHA1(linkedin) - by mailmuncher2000 - 02-14-2021, 01:06 AM
RE: Cracking SHA1(linkedin) - by mailmuncher2000 - 02-14-2021, 07:46 AM