Stories are starting to roll in about problems that can be caused in existing systems by the “Shattered” PDFs — failed svn commits, and concerns about faking git commits. Here’s an off-the-cuff solution for software implementors who are concerned about the conflict…
Here are the SHA1 checksums of shattered-1.pdf and shattered-2.pdf:
And here are CRC checksums of the same files, generated by cksum:
338397181 422435 shattered-1.pdf
919129914 422435 shattered-2.pdf
The SHA1 checksums may be identical, and the sizes identical, but the CRC checksums are still different. And CRC is computationally cheap. It’s not cryptographically secure, but generating two different files that have both the same SHA1 and the same CRC is that much more difficult.
I don’t know if this is actually useful to anyone, but it’s the first thought I had about how to prevent problems in a practical manner.