Redump Forum — Suggestion: Add SHA-256

Re: Suggestion: Add SHA-256

2020-01-13T17:27:15Z

didn't it take google engineers like 100 years of CPU time to do a POC collision for SHA-1 ?

edit: nope i was a mile off,

Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total
6,500 years of CPU computation to complete the attack first phase
110 years of GPU computation to complete the second phase

I don't think we have anything to be worried about there for the forseable future.

Re: Suggestion: Add SHA-256

2020-01-13T16:17:30Z

I don't think its practical to fake ROMs currently, but in the future it may be, so I think it'd be a good idea to get future-proof hashes before that point arrives.

Re: Suggestion: Add SHA-256

2020-01-12T05:56:04Z

reentrant wrote:

Any of CRC32, MD5 and SHA-1 is not secure. But all combined?

All combined and with a specific file size as per current dats should be an astronomically small chance of a hash collision, even if someone tried to do this intentionally. I don't think our roms can be faked with current level of knowledge.

Re: Suggestion: Add SHA-256

2020-01-11T20:52:50Z

Any of CRC32, MD5 and SHA-1 is not secure. But all combined?

Re: Suggestion: Add SHA-256

2020-01-11T20:02:18Z

"Why would anyone try to crack the hashes of games' images?"
Just to mislead people.

Re: Suggestion: Add SHA-256

2020-01-11T19:01:44Z

Why would anyone try to crack the hashes of games' images? SHA-1 is even an overkill for the purposes of redump.org, SHA-256 would be absolutely redundant.

Suggestion: Add SHA-256

2020-01-11T18:40:08Z

CRC32, MD5 and SHA-1 are all broken and it will just become easier for people to misuse their weakness in the future. I suggest that redump adds a field for SHA-256 to disc pages. Or even if iR0b0t doesn't want to add a new field, the data could be added in the comment field. Of course for discs added before this change, the information will have to be added retroactively as fixes.