1 2020-01-11 19:40:08 (edited by Hiccup 2020-01-11 19:43:34)

CRC32, MD5 and SHA-1 are all broken and it will just become easier for people to misuse their weakness in the future. I suggest that redump adds a field for SHA-256 to disc pages. Or even if iR0b0t doesn't want to add a new field, the data could be added in the comment field. Of course for discs added before this change, the information will have to be added retroactively as fixes.

2 2020-01-11 20:01:44

Why would anyone try to crack the hashes of games' images? SHA-1 is even overkill for the purposes of redump.org; SHA-256 would be absolutely redundant.

3 2020-01-11 21:02:18

"Why would anyone try to crack the hashes of games' images?"
Just to mislead people.

4 2020-01-11 21:52:50

Any of CRC32, MD5 and SHA-1 is not secure. But all combined?

5 2020-01-12 06:56:04

reentrant wrote:

Any of CRC32, MD5 and SHA-1 is not secure. But all combined?

All combined and with a specific file size as per current dats should be an astronomically small chance of a hash collision, even if someone tried to do this intentionally. I don't think our roms can be faked with current level of knowledge.

6 2020-01-13 17:17:30

I don't think it's practical to fake ROMs currently, but in the future it may be, so I think it'd be a good idea to get future-proof hashes before that point arrives.

7 2020-01-13 18:27:15 (edited by wiggy2k 2020-01-13 18:36:34)

Didn't it take Google engineers like 100 years of CPU time to do a POC collision for SHA-1?

Edit: nope, I was a mile off:

    Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total
    6,500 years of CPU computation to complete the attack first phase
    110 years of GPU computation to complete the second phase

I don't think we have anything to be worried about there for the foreseeable future.
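
Added example, not part of any post in this thread: a one-pass check of an image against a record that lists size, CRC32, MD5 and SHA-1 together (the combined check discussed in post 5), with SHA-256 as the optional extra field proposed in post 1. The names `fingerprint`, `verify` and the `RECORD` layout are assumptions for illustration, not redump's dat format, and the sample input is the constructed three-byte string `abc`.

```python
import hashlib
import io
import zlib


def fingerprint(stream, chunk_size=1 << 20):
    """Read the stream once; return size, CRC32 and three digests as strings."""
    crc, size = 0, 0
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        crc = zlib.crc32(chunk, crc)      # running CRC32 across chunks
        for h in hashers.values():
            h.update(chunk)
    result = {"size": str(size), "crc32": f"{crc & 0xFFFFFFFF:08x}"}
    result.update({name: h.hexdigest() for name, h in hashers.items()})
    return result


def verify(stream, expected):
    """Return the fields listed in `expected` that the stream does NOT match.

    An empty list means every listed field matched at once, so a forged
    image would have to collide on all of them for the same byte length.
    """
    actual = fingerprint(stream)
    return [field for field, want in expected.items()
            if actual[field] != str(want).lower()]


# Constructed record for the sample input b"abc" (hypothetical layout).
RECORD = {
    "size": "3",
    "crc32": "352441c2",
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}

if __name__ == "__main__":
    print(verify(io.BytesIO(b"abc"), RECORD))   # matching image
    print(verify(io.BytesIO(b"abd"), RECORD))   # same size, different content
```

A record without a `sha256` key is checked on the remaining fields only, so older entries keep verifying until the extra hash is added.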