
My colleague remembers an old backup tool, packaged as a standard bootable ISO image. He thinks the file was about ~250 MB, containing an MD5SUM.txt, which included the MD5 checksum of the entire ISO image.

I am no crypto/hash expert, but according to my understanding of checksum methods, he is wrong. He should have downloaded the checksum separately, or else the vendor should have had a hard time guessing the right MD5 such that adding its hex form in a text file beside all other contents of the image makes the exact same checksum, right? I can't think of any shortcut to calculate such a checksum.

(Unfortunately we don't have the ISO right now, so that I can win the bet and get a free beer.)

1 Answer


With a secure hash function, what you are describing is entirely impossible. MD5 is considered totally broken, and yet I am unaware of a method of accomplishing this feat even with known multi-collision attacks.
SEJPM gave a relevant link to what can be done with multi-collision attacks on MD5, but placing the resulting hash in plain text is harder and I don't believe it has been done. It definitely didn't happen as a matter-of-fact implementation detail. Should someone do this, even with MD5, it would be a significant cryptography feat.

In order to demonstrate that with a Turing-complete format it is easy to have a file produce its own hash with no need for cryptanalysis, I created a proof of concept and wrote a Scala program which prints its own SHA-256 hash. This technique can work with any hash function and any Turing-complete language, including PostScript: https://gist.githubusercontent.com/meirmaor/3d858568d5da35f568fe96687ed7dbaf/raw/c26d3bdd298567e76e92c6c37ab96e353a3d8cdf/QuineHash.scala

    scalac QuineHash.scala
    scala QuineHash
    6bae798a607d1f74630734435cc93d17c9b92a6705f7663c6fd47f7439c69669

    sha256sum QuineHash.scala
    6bae798a607d1f74630734435cc93d17c9b92a6705f7663c6fd47f7439c69669  QuineHash.scala

Meir Maor
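The fixed-point problem raised in the question, as an added example that is not part of the original question or answer: writing a file's MD5 into the file changes the MD5, and the only generic way to make a plain-text claim match is to search, with an expected cost of about 16^k tries for k correct hex digits (16^32 = 2^128 for the full digest). The file layout (`nonce=` and `md5-prefix=` lines), the function names and the sample body are constructed for this illustration.

```python
import hashlib

def naive_embed(body: bytes):
    """Hash the body, append that digest as text, then hash the result again."""
    claimed = hashlib.md5(body).hexdigest()
    actual = hashlib.md5(body + b"md5=" + claimed.encode() + b"\n").hexdigest()
    return claimed, actual  # appending the claim changed the digest

def find_prefix_fixed_point(body: bytes, digits: int, max_tries: int):
    """Brute-force a file whose last line correctly states the first `digits`
    hex digits of the file's own MD5. Returns (tries, file_bytes) or None."""
    space = 16 ** digits
    for i in range(max_tries):
        claim = f"{i % space:0{digits}x}"
        # The nonce makes every candidate distinct once all claims were tried.
        candidate = body + f"nonce={i // space}\nmd5-prefix={claim}\n".encode()
        if hashlib.md5(candidate).hexdigest().startswith(claim):
            return i + 1, candidate
    return None

def states_own_prefix(file_bytes: bytes) -> bool:
    """Verifier side: compare the claim on the last line with the real MD5."""
    claim = file_bytes.rstrip(b"\n").rsplit(b"=", 1)[1].decode()
    return hashlib.md5(file_bytes).hexdigest().startswith(claim)

if __name__ == "__main__":
    body = b"constructed stand-in for the ISO contents\n"
    claimed, actual = naive_embed(body)
    print("claimed:", claimed)
    print("actual: ", actual)
    for digits in range(1, 5):
        result = find_prefix_fixed_point(body, digits, 64 * 16 ** digits)
        if result is None:
            print(f"{digits} digits: nothing found within the try limit")
            continue
        tries, found = result
        print(f"{digits} digits: found after {tries} tries "
              f"(expected about {16 ** digits}), verifies: {states_own_prefix(found)}")
```

Each additional matching hex digit multiplies the expected work by 16, which is why a truncated self-reference is found in well under a second while the full 32-digit claim is out of reach by search alone.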