Suggestion: Add SHA-256

[Hiccup]

CRC32, MD5 and SHA-1 are all broken and it will just become easier for people to misuse their weakness in the future. I suggest that redump adds a field for SHA-256 to disc pages. Or even if iR0b0t doesn't want to add a new field, the data could be added in the comment field. Of course for discs added before this change, the information will have to be added retroactively as fixes.

[ssjkakaroto]

Why would anyone try to crack the hashes of games' images? SHA-1 is even an overkill for the purposes of redump.org, SHA-256 would be absolutely redundant.

[Hiccup]

"Why would anyone try to crack the hashes of games' images?"
Just to mislead people.

[reentrant]

Any of CRC32, MD5 and SHA-1 is not secure. But all combined?

[Maddog]

Any of CRC32, MD5 and SHA-1 is not secure. But all combined?

All combined and with a specific file size as per current dats should be an astronomically small chance of a hash collision, even if someone tried to do this intentionally. I don't think our roms can be faked with current level of knowledge.

[Hiccup]

I don't think its practical to fake ROMs currently, but in the future it may be, so I think it'd be a good idea to get future-proof hashes before that point arrives.

[wiggy2k]

didn't it take google engineers like 100 years of CPU time to do a POC collision for SHA-1 ?

edit:  nope i was a mile off,

    Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total
    6,500 years of CPU computation to complete the attack first phase
    110 years of GPU computation to complete the second phase

I don't think we have anything to be worried about there for the forseable future.