BlackAlps17: Exploiting Hash Collisions by Ange Albertini

When a hash function is first broken, the restrictions on the colliding PoCs pair are very complex: it’s not uncommon that the first public PoCs are just random-looking blocks, with no impact whatsoever on any system, besides being different and with the same hash. In some cases, an identical prefix can be present on the start of both files of the colliding pair, and the collisions blocks are calculated on this exact prefix. It’s then possible to plan in advance a file structure, and craft a prefix that, despite all the randomness of the collision blocks, will lead to a pair of valid files, reliably working, with different and arbitrary contents.
A world of prettifying academic results to convince people to deprecate algorithms, where file formats rules have to be bend to play along with cryptographic restrictions, where PoCs are planned several years before they can be implemented, with a lot of computing power at stake.