0

how hard is it to find x where sha1(x) = x? where x is the form of 'c999303647068a6abaca25717850c26c9cd0d89c'

i think the fact that there are sha1 collisions make this possible, but, how easy (or hard) is it to find an example?

Mechanical snail
  • 29,755
  • 14
  • 88
  • 113
Titi Wangsa Bin Damhore
  • 858
  • 7
  • 11
  • Upper or lowercase hex characters? ;-) – Lucero Oct 14 '10 at 17:18
  • 2
    Actually, it's entirely possible that no such x exists for an arbitrary hash function (as for SHA1 specifically, I don't know). – Victor Nicollet Oct 14 '10 at 17:20
  • 1
    Do you mean "How to find the values of x such that sha1(x) = 'C999303...'"? – Nick T Oct 14 '10 at 17:20
  • no Nick T. I mean what string, when hashed becomes itself. – Titi Wangsa Bin Damhore Oct 15 '10 at 14:46
  • or in other words, find x where sha1(sha1(x)) = sha1(x), – Titi Wangsa Bin Damhore Oct 15 '10 at 14:49
  • @user460856: If `sha1(sha1(x)) = sha1(x)` is what you're looking for, I very much doubt such an `x` exists. Why do you think sha1 collisions make that possible? There must be collisions as the input can be of arbitrary length, but in what way does that obvious fact increase the probability of such `x` existing? I am not completely rejecting the possibility of such an `x` existing, but I do find that highly unlikely. – usta Oct 15 '10 at 19:20
  • possible duplicate of [Is there any x for which SHA1(x) equals x?](http://stackoverflow.com/questions/2340524/is-there-any-x-for-which-sha1x-equals-x) – Mechanical snail Sep 14 '12 at 23:54

4 Answers4

5

Read Cryptanalysis of SHA-1 on Wikipedia. There's more information than you need on that article and its references combined.

Edit:

how hard is it to find x where sha1(x) = x?

Such an attack is known as a preimage attack and finding such an x is usually much harder than a general collision attack, i.e. finding arbitrary x1 and x2 such that sha(x1) = sha(x2).

casablanca
  • 69,683
  • 7
  • 133
  • 150
  • 1
    This answer doesn't seem right to me. The question is not asking, for some fixed x, for a y such that sha1(y) = x. It's asking for an x such that sha1(x) = itself. – David Schneider-Joseph Apr 16 '22 at 17:34
2

SHA1 Collisions can be Found in 2^63 Operations. I would say its rather hard. You could go about brute forcing it. Get the book applied cryptography and sit down for a read. Look into the Birthday Paradox, which can be used to find collisions.

justinhj
  • 11,147
  • 11
  • 58
  • 104
CrazyDart
  • 3,803
  • 2
  • 23
  • 29
  • And as a general rule, a hash collision to a perfectly secure hash should take 2^(n/2) attempts (eg: a perfectly secure SHA1 would require 2^80 attempts because it has 160 bits). See: [Birthday attack](http://en.wikipedia.org/wiki/Birthday_attack) – NullUserException Oct 14 '10 at 17:22
  • 1
    bday paradox can be used to find arbitrary collisions within the hash domain. It does not transfer information on finding a seed for a particular hash – Eric Oct 14 '10 at 17:32
  • your link just goes to the rsa.com home page. – Don Hatch Feb 18 '18 at 04:29
0

The one most important reason for existence of cryptographic hash functions (of which SHA family functions are) is to make finding inputs corresponding to a given digest difficult. A cryptographic hash function producing N-bit digests is considered good if to find a matching input one must perform 2^N/2 operations in average, that is, no other way than brute-force is reliably possible.

usta
  • 6,699
  • 3
  • 22
  • 39
0

So you are searching for mathematical invariant for SHA1 transformation. invariant subspace problem. :-)

yadab
  • 2,063
  • 1
  • 16
  • 24