0

Is it possible to have a file with the same SHA1 and content? For example:

File content: x

SHA1 of the file: x

1 Answer

2

Is it possible to have a file with the same SHA1 and content?

It is possible, but we do not presently have any example that I know of.

To know for sure, we would have to try calculating very many SHA1 values--approximately one thousand billion billion billion billion billion values (i.e., approximately 2 raised to the power of 160 values).

In practice, we can't check this many hash values.


To get a flavor of the likelihood that there is some x for which SHA1(x) = x, we can restrict ourselves to just considering x of length 160 bits (since the output of SHA1 is always 160 bits).

If we assume that SHA1 is uniformly random (which it is not, but here we are just trying to get a feel for the problem), and we call y = SHA1(x), then under this assumption the probability that y=x is 1/(2^160).

Under this assumption, the probability that y is different from x is (1 - 1/2^160).

There are 2^160 possible inputs, so under this assumption the probability that every input is different from its output is (1 - 1/2^160)^(2^160).

And so, under this assumption, the probability that some x equals SHA1(x) is ( 1 - ( 1 - 1/2^160 )^(2^160) ).

Using the definition of the exponential function, we see that this is approximately 1 - 1/e, which is approximately 63%.


As another example, suppose that SHA1 didn't uniformly map its input to the entire range of N=2^160 outputs. But, rather, suppose it uniformly mapped to a smaller range M. In this case, we are even more likely to be able to find an x such that SHA1(x)=x. In this case the probability to find one such x is 1 - e^(-N/M).

As M gets much smaller than N, we are almost assured to find an x such that SHA1(x)=x (under the assumptions stated).

So, I would guess that it is likely that there exists an x such that SHA1(x) = x. But nevertheless it is just very hard to find such an x.

hft
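The 63% estimate in the answer above can be checked empirically at a scale where exhaustive search is feasible. This is an added example, not part of the original answer: it assumes that SHA-1 over a salted input, truncated to `bits` bits, is a fair stand-in for a random function on `bits`-bit values, and all function names are hypothetical.

```python
import hashlib
import math


def truncated_sha1(x: int, bits: int, salt: int) -> int:
    """SHA-1 of (salt || x), keeping only the top `bits` bits of the digest.

    Each salt gives a different function from bits-bit inputs to bits-bit
    outputs (an assumption of this example, standing in for the answer's
    "uniformly random" model of SHA1).
    """
    width = (bits + 7) // 8
    data = salt.to_bytes(4, "big") + x.to_bytes(width, "big")
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def has_fixed_point(bits: int, salt: int) -> bool:
    """Exhaustively test every bits-bit x for truncated_sha1(x) == x."""
    return any(truncated_sha1(x, bits, salt) == x for x in range(1 << bits))


def fixed_point_rate(bits: int, trials: int) -> float:
    """Fraction of the salted functions (salt = 0..trials-1) with a fixed point."""
    hits = sum(has_fixed_point(bits, salt) for salt in range(trials))
    return hits / trials


def predicted_rate(bits: int) -> float:
    """1 - (1 - 1/N)^N with N = 2^bits, the expression from the answer.

    Computed with log1p/expm1 because (1 - 1/2**160) rounds to exactly 1.0
    in floating point, which would wrongly give a probability of 0.
    """
    n = 1 << bits
    return -math.expm1(n * math.log1p(-1.0 / n))


if __name__ == "__main__":
    for bits in (4, 8, 12):
        observed = fixed_point_rate(bits, 500)
        print(f"{bits:2d} bits: observed {observed:.3f}, "
              f"predicted {predicted_rate(bits):.3f}")
    print(f"160 bits: predicted {predicted_rate(160):.5f} "
          f"(1 - 1/e = {1 - math.exp(-1):.5f})")
```

The exhaustive loop is only practical for small widths; at 160 bits the same check would need on the order of 2^160 hash evaluations, which is the infeasibility the answer describes.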