How can I compute another bit pattern with identical SHA-160 sum?

Question

I want to test my application when it gets tricked by a false passed SHA-160 sum and thus would like to compute a change to the data being summed which results in the original SHA-160 sum again and thus would be missed. I am using the Botan library in C++ to compute the sum.

How can I compute a change to a bit stream that is around 1500 bits such that its SHA-160 is identical to the original?

Answer 1

The short answer is: you can't.

The long answer is: you can, but only with vast amounts of computation power. The entire purpose of hash algorithms is to make it hard to find collisions. If it were easy to find a collision, then there'd be little point in using the hash algorithm.

To solve your test problem, I suggest abstracting away the file-reading/hash-computing part of your application into a separate class, and then mocking it with a fake hash implementation in order to test the rest of the application.