EMULAB Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

The new forum is online, hope you enjoy it!

Pages: [1]   Go Down

Author Topic: [REQUEST] Support a Cryptographic Secure Checksum Algorithm  (Read 3019 times)

wertercatt

  • Member
  • *
  • Karma: 0
  • Offline Offline
  • Posts: 1
  • Operating System:
  • Windows NT 10.0 Windows NT 10.0
  • Browser:
  • Chrome 61.0.3163.100 Chrome 61.0.3163.100
    • View Profile

Currently, clrmamepro only supports CRC32, MD5, and SHA-1 checksums in its DATfiles. CRC32 is obviously bad for file integrity due to how easy collisions are. MD5 collisions have been known to be possible since 2005 (see http://www.mscs.dal.ca/~selinger/md5collision/.) So, SHA-1 would be our only hope for a cryptographically secure checksum to use in clrmamepro DATs, if we want to make sure that a corrupt DATed file is detected... if an SHA-1 collision hadn't already been found. Whoops. (see http://shattered.io/)

Because all three of the checksum functions supported in clrmamepro have the possibility of hash collisions, I believe a new secure checksum function should be implemented so DAT creators can take advantage of it for preserving files. I would like to request that support for the SHA-2 (SHA-256, and SHA-512) and SHA-3 (SHA3-256, and SHA3-512) families of functions be added to clrmamepro. This will bring its checksum support up to speed with current cryptographic knowledge and increase the ability of DAT'd romsets to be preserved.
Logged


oxyandy

  • Member
  • *
  • Karma: 5
  • Offline Offline
  • Posts: 269
  • Operating System:
  • Windows NT 10.0 Windows NT 10.0
  • Browser:
  • Chrome 62.0.3202.62 Chrome 62.0.3202.62
    • View Profile
    • .
Re: [REQUEST] Support a Cryptographic Secure Checksum Algorithm
« Reply #1 on: 26 October 2017, 03:56 »

There are plenty of dats which have crc32, md5 & sha1
You will never have a collision of all 3 in a 'faked file'
so isn't it already secure enough ?
You tell me... :)
« Last Edit: 26 October 2017, 04:19 by oxyandy »
Logged

Roman

  • Global Moderator
  • Member
  • ***
  • Karma: 112
  • Offline Offline
  • Posts: 3287
  • Operating System:
  • Windows NT 10.0 Windows NT 10.0
  • Browser:
  • Chrome 62.0.3202.62 Chrome 62.0.3202.62
    • View Profile
Re: [REQUEST] Support a Cryptographic Secure Checksum Algorithm
« Reply #2 on: 26 October 2017, 07:07 »

"On 23 February 2017, Google announced the SHAttered attack, in which they generated two different PDF files with the same SHA-1 hash in roughly 263.1 SHA-1 evaluations. This attack is about 100,000 times faster than brute forcing a SHA-1 collision with a birthday attack, which was estimated to take 280 SHA-1 evaluations. The attack required "the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations"

This...and the fact that we use crc32 + size + sha1 will make it very unlikely that someone will fake a file for whatever reason to match all 3 attributes

and don't forget, we're mainly talking about rom files which are usually provided by the dumpers themselves which of course want a good dump. Besides of this, modification of files will end in either broken graphics/sound roms or code roms which don't run then....

To sum it up...in the MAME world, there is no need to switch to SHA512 etc....  ...and as long as MAME doesn't include a new hash you won't see it in cmpro
« Last Edit: 26 October 2017, 08:50 by Roman »
Logged
Pages: [1]   Go Up
 

Page created in 0.134 seconds with 20 queries.

anything
anything