On Sun, Feb 26, 2017 at 07:57:19PM +0100, Thomas Braun wrote: > While reading about the subject I came across [1]. The author reduced > the hash size to 4bits and then played around with git. > > Diff taken from the posting (not my code) > --- git-2.7.0~rc0+next.20151210.orig/block-sha1/sha1.c > +++ git-2.7.0~rc0+next.20151210/block-sha1/sha1.c > @@ -246,6 +246,8 @@ void blk_SHA1_Final(unsigned char hashou > blk_SHA1_Update(ctx, padlen, 8); > > /* Output hash */ > - for (i = 0; i < 5; i++) > - put_be32(hashout + i * 4, ctx->H[i]); > + for (i = 0; i < 1; i++) > + put_be32(hashout + i * 4, (ctx->H[i] & 0xf000000)); > + for (i = 1; i < 5; i++) > + put_be32(hashout + i * 4, 0); > }
Yeah, that is a lot more flexible for experimenting. Though I'd think you'd probably want more than 4 bits just to avoid accidental collisions. Something like 24 bits gives you some breathing space (you'd expect a random collision after 4096 objects), but it's still easy to do a preimage attack if you need to. -Peff
