Stories
Slash Boxes
Comments

SoylentNews is people

posted by hubie on Wednesday September 28 2022, @03:23AM   Printer-friendly
from the very-1337-hash dept.

Arthur T Knackerbracket has processed the following story:

Generating checksums—cryptographic hashes such as MD5 or SHA-256 functions for files is hardly anything new and one of the most efficient means to ascertain the integrity of a file, or to check if two files are identical.

However, generating a file containing its own checksum as part of its content is a task quite daunting, if not seemingly impossible due to a paradox involved in the process.

That has not stopped a researcher from creating a PNG image that contains the file's MD5 checksum, visible within the matrix of pixels that make up the image.

[...] BleepingComputer confirmed the checksum of the image in question is 1337e2ef42b9bee8de06a4d223a51337, which are the characters displayed vertically within the image itself.

[...] A checksum is a smaller-sized chunk of data, or even a digit, derived from another set of digital data as a means to detect errors or data corruption that may have occurred. The idea is that any minor change occurring to the original file or piece of data will alter its checksum indicating that the integrity of the data is now void.

[...] You need the checksum or hash of a file first to include this information within the content of the file itself. But doing so by editing or altering the file will effectively change the file's checksum, therefore making this practice seem impossible.

[...] What Buchanan essentially created is colloquially called a "Hashquine," a term coined in 2017 by hardware and software enthusiast, foone to refer to files that show their own hash.

The same year, Google security engineers, known as spq and Ange Albertini successfully demonstrated the concept by respectively generating GIF and Postscript files that displayed their own hash as part of the file's contents:

[...] What Buchanan has demonstrated today, however, essentially makes the MD5 hashquine technique possible for PNG files.

[...] "Ever since, I wanted to make a PNG hashquine. I thought about it for a while, but couldn't figure it out - the same tricks used for the GIF file format can't be directly applied to PNG."

[...] Buchanan has shared a detailed technical breakdown in a Twitter thread on how he was able to land on his hashquine, and it has to do with leveraging hash collisions:

[...]  It seems it'll be a while until, much like Rogdham, Buchanan is also able to release his code for PNG-MD5 hashquines.

The researcher tells BleepingComputer he's further refining the code which at the time is "a bit of a rube goldberg machine" and potentially working on a paper.


Original Submission

 
This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by HiThere on Wednesday September 28 2022, @01:39PM

    by HiThere (866) Subscriber Badge on Wednesday September 28 2022, @01:39PM (#1274029) Journal

    Well, with many definitions they are different ways of describing the same thing. If you had a table with 125 entries you could use your CP/M checksum as the index. (Which is why some implementations of hash tables have the index pointing to a list of matches that have been entered.)

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2