SHA-1 collision

The full collision is a result of two subsequent manipulations of the compression function. The first manipulation brings the hash function's internal state only slightly out of sync, while the second manipulation (which is the actual collision) brings them back into sync.

An interesting thing to note is that although the messages of the first and second blocks are different, the difference pattern between them is the same.

Legend:

grey: message block. Each bit is taken directly from the PDF files.
red: message schedule. Each bit is an XOR over the bits from the message block.
yellow: internal state. Each word is computed as a function of the previous 5 state words and the corresponding word from the message/message schedule.
green: intermediate hash value. This is a sum of the initial vector and each block.

First message block

	good.pdf	bad.pdf	difference		good.pdf	bad.pdf	difference
message				state
schedule				state
				hash

Second message block (collision)

	good.pdf	bad.pdf	difference		good.pdf	bad.pdf	difference
message				state
schedule				state
				hash