Highlighted
Not applicable

SHA-1 Collision and XtremIO ProofOfConcept

Shattered SHA-1 collision PoC (https://shattered.io/)!

Not always, but in some cases (still under precision and investigation), the second .PDF (the red one) is ignored and substituted (inline deduplication) by first (the blue one) when it is written to a XtremIO volume

0 Kudos
Reply
2 Replies
Highlighted
4 Tellurium

Re: SHA-1 Collision and XtremIO ProofOfConcept

Not sure what you are pointing to...can you share more details of what test you did and the results?

0 Kudos
Reply
Highlighted
Not applicable

Re: SHA-1 Collision and XtremIO ProofOfConcept

According to https://shattered.io/ there is first SHA-1 collision ever.

So we have two different files (two .PDFs respectively, the blue one and the red one) with identical SHA-1 hash. Also first 4k blocks of files also are different but with the same SHA-1 hash and first 8k blocks of files also are different but with the same SHA-1 hash (it can be checked even via CRC32 of theses)

In theory, as XtremIO use SHA-1 inline deduplication, all of both - files, first 4k and first 8k blocks must be deduplicated.

In real world example it happens not always, but in some cases (still under precision and investigation):

* the second .PDF (the red one) is ignored and substituted (inline deduplication) by first (the blue one) when it is written to a XtremIO volume

* for 4k blocks substitution not watched yet...

* for 8k blocks substitution not watched yet...

0 Kudos
Reply