在圖片裡面放入圖片本身的 MD5 值

Hacker News Daily 上看到「The image in this post displays its own MD5 hash (retr0.id)」這篇,作者想要產生一張 PNG 圖,這張圖的 MD5 值就在圖片上呈現。然後作者本人有出現在 Hacker News 討論串上面,提到流量撐不住,所以丟到 Twitter 上面 (而很幸運的,Twitter 沒有壓這張圖,是保留原圖,所以可以驗證 MD5):

另外一個有趣的主題是同時撞出一樣的 MD5 與 CRC32 的方式,其中 CRC32 的部份還可以直接指定值,在「MD5 Collision with CRC32 Preimage (gist.github.com)」這邊。

算是很趣味的玩法啦,畢竟 MD5 已經被大家知道是個 broken cryptographic hash function...

PHP 的 crc32、crc32b 以及 hash_file

PHP 上 CRC32 的資料時,查到讓人噴飯的 comment

For those who are wondering, there appears to be no fundamental difference between hash_file('md5')/hash_file('sha1') and md5_file()/sha1_file(). They produce identical output and have comparable performance.

There is, however, a difference between hash_file('crc32') and something silly like crc32(file_get_contents()).

crc32(file_get_contents())'s results are most similar to those of hash_file('crc32b'), just with the octets reversed:

<?php
$fname = "something.png";

$hash = hash_file( 'crc32', $fname );
echo "crc32  = $hash\n";

$hash = hash_file( 'crc32b', $fname );
echo "crc32b = $hash\n";

$hash = sprintf("%x",crc32(file_get_contents($fname)));
echo "manual = $hash\n";
?>

crc32  = f41d7f4e
crc32b = 7dafbba4
manual = a4bbaf7d

不只是 hash_file() 抓出來不一樣,連 algorithm 都來亂...