0

I want to test my application when it gets tricked by a false passed SHA-160 sum and thus would like to compute a change to the data being summed which results in the original SHA-160 sum again and thus would be missed. I am using the Botan library in C++ to compute the sum.

How can I compute a change to a bit stream that is around 1500 bits such that its SHA-160 is identical to the original?

WilliamKF
  • 41,123
  • 68
  • 193
  • 295

1 Answers1

3

The short answer is: you can't.

The long answer is: you can, but only with vast amounts of computation power. The entire purpose of hash algorithms is to make it hard to find collisions. If it were easy to find a collision, then there'd be little point in using the hash algorithm.

To solve your test problem, I suggest abstracting away the file-reading/hash-computing part of your application into a separate class, and then mocking it with a fake hash implementation in order to test the rest of the application.

Oliver Charlesworth
  • 267,707
  • 33
  • 569
  • 680
  • +1. For testing, you can replace your SHA-160 function with an intentionally-broken hash function. (For example, you can specifically test for particular bit patterns and return the same hash for chosen patterns.) – David Schwartz Jul 08 '12 at 13:06