Redump Forum — Suggestion: Add SHA-256

Re: Suggestion: Add SHA-256

null@example.com (wiggy2k) — Mon, 13 Jan 2020 17:27:15 +0000

didn't it take google engineers like 100 years of CPU time to do a POC collision for SHA-1 ?

edit: nope i was a mile off,

Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total
6,500 years of CPU computation to complete the attack first phase
110 years of GPU computation to complete the second phase

I don't think we have anything to be worried about there for the forseable future.

Re: Suggestion: Add SHA-256

null@example.com (Hiccup) — Mon, 13 Jan 2020 16:17:30 +0000

I don't think its practical to fake ROMs currently, but in the future it may be, so I think it'd be a good idea to get future-proof hashes before that point arrives.

Re: Suggestion: Add SHA-256

null@example.com (Maddog) — Sun, 12 Jan 2020 05:56:04 +0000

reentrant wrote:

Any of CRC32, MD5 and SHA-1 is not secure. But all combined?

All combined and with a specific file size as per current dats should be an astronomically small chance of a hash collision, even if someone tried to do this intentionally. I don't think our roms can be faked with current level of knowledge.

Re: Suggestion: Add SHA-256

null@example.com (reentrant) — Sat, 11 Jan 2020 20:52:50 +0000

Any of CRC32, MD5 and SHA-1 is not secure. But all combined?

Re: Suggestion: Add SHA-256

null@example.com (Hiccup) — Sat, 11 Jan 2020 20:02:18 +0000

"Why would anyone try to crack the hashes of games' images?"
Just to mislead people.

Re: Suggestion: Add SHA-256

null@example.com (ssjkakaroto) — Sat, 11 Jan 2020 19:01:44 +0000

Why would anyone try to crack the hashes of games' images? SHA-1 is even an overkill for the purposes of redump.org, SHA-256 would be absolutely redundant.

Suggestion: Add SHA-256

null@example.com (Hiccup) — Sat, 11 Jan 2020 18:40:08 +0000

CRC32, MD5 and SHA-1 are all broken and it will just become easier for people to misuse their weakness in the future. I suggest that redump adds a field for SHA-256 to disc pages. Or even if iR0b0t doesn't want to add a new field, the data could be added in the comment field. Of course for discs added before this change, the information will have to be added retroactively as fixes.