Is this one of those NFTs the kids are talking about?
Has anyone confirmed that signature? I think it’s not possible to have the signature as a part of the data itself. Kinda chicken egg problem
*whispers* I stole that signature from cryptostorms warrant canary: https://cryptostorm.is/canary.txt
Here you go:
(MD5 is not PGP, but impressive nonetheless)
I opened the comment section to ask if it was possible to have an image with its own hash.
Thanks.It’s using a combination of multicollision attacks against MD5 and sequences of groups of alternate blocks of data representing the alphabet encoded in a way compatible with the file format.
It’s basically <[a+random]/[b+random]/[c+random]…> * (length of message). The random data is crafted by the attack tool so each block has the exact same effect on the MD5 hashing algorithm as it processes each block. You need to decide how many variable blocks you need and where and their encoding in advance. You encode the blocks so the randomness isn’t visible in the final rendered file.
When you have that prepped, you compute the final hash, then at each block position you select the block representing the letter you want (and its associated random data). So then you can select letters matching the actual file hash value.
It only works against hash functions with practical multicollision attacks. Doesn’t work on SHA256 and newer hashes.
I know some of these words. But I think I roughly understood the general idea. Thanks!
PGP? Surely you mean GnuPG.
Yeah, you’re right. Who thought that it was a good idea to name two things that mean a similar thing PGP and GPG? It is so easy to use the wrong one…
I try to keep things simple by only using GGG or PPP.
Gnu’s Not GnuPGP
