1. 69
  1. 8

    For extra impressiveness:

    This was particularly tricky to make work because the image data in a PNG needs to have a valid adler32 checksum, and a valid crc32 checksum.

    1. 6

      How do you get hash to start with 1337? That alone seems an accomplishment. Brute force by making 10,000+ hashes of tiny differences in the image?

      1. 16

        That was the easy part. Note that it ends in 1337 too, making it a 2^32 bruteforce - only a few minutes with a naive multi-threaded CPU bruteforce.

      2. 5

        If anyone breaks sha1 too, please make an image like this that has both the sha1 and the md5 in it, but trollb everyone by writing them the wrong way around

        1. 2

          wow, this is pretty impressive

          1. 1

            There is a lot application for this. An app can do near instant and low-cost (network latency mostly I think) verification without relying on the internet. Probably the big thing is the user looking at their device can see visually in the image the same hash the app says it’s verified - more tangible to non-tech people . However, at some point they would have to be ‘real’ verification - getting the sha256 from the ‘source of truth’ (servers or nodes on the internet) if it’s important enough. For example, someone could locally verify if an image is the high resolution NFT that only the owner can unlock, or is the public version, faster than checking some node across the internet. Plenty of other things, but that was the first thing that popped up in my mind.

            1. 13

              The only application for this is to demonstrate that MD5 is broken as a cryptographic hash function.

              Also to do so in a physically beautiful way, it’s art.

              1. 1

                Think you’re right on on both parts. But not just art and demonstration. If I’m not mistaken it would take over 24hrs to compute another image with the same md5 hash, if using the same computer the creator used. So it can’t be cracked instantly. There’s gotta be some app of the future that could leverage that probabilistic safe window, albeit a narrowing window over the years. I could be wrong.

                1. 11

                  Please don’t make up another proof-of-work system based on hash quines. The previous ones already wasted enough energy.

                  1. 1

                    Art isn’t a waist of energy. Joke.