Second preimage attack

Aumasson 07 Nov 2008 12:34

Dear Jason,

Have found a method to find second preimages for HASH 2X. It exploits the fact that two digits with the same integer value modulo 154 will produce the same value of "password" after the loop

```
for x in range(3):
password[0] += password[len(password) - 1]
temp_num = 0
for i in range(len(password)):
password[i] += temp_num
temp_num = password[i]
password = [(j % mod_list[x]) for j in password]
```

The code below, if put in the main program of the Python program in Hash2x.zip, can be used to find second preimages instantaneously, for any digest length.

```
# second preimage attack
length = int(raw_input("Digest bitsize: "))
m1 = raw_input("First message: ")
m2 = [unichr( ord(i)+154 ) for i in m1]
hash1 = candidate(m1, length)
hash2 = candidate(m2, length)
print "\nhash(",m1,")="
print hash1
print "\nhash( ",
for i in m2: print "\b%s" % (i),
print ")="
print hash2,"\n"
if ( hash1 == hash2 ):
print "Collision"
else:
print "No collision"
```

Best,

JP