1 (edited by Hiccup 2020-01-11 19:43:34)

CRC32, MD5 and SHA-1 are all broken and it will just become easier for people to misuse their weakness in the future. I suggest that redump adds a field for SHA-256 to disc pages. Or even if iR0b0t doesn't want to add a new field, the data could be added in the comment field. Of course for discs added before this change, the information will have to be added retroactively as fixes.

Why would anyone try to crack the hashes of games' images? Even SHA-1 is overkill for the purposes of redump.org; SHA-256 would be absolutely redundant.

"Why would anyone try to crack the hashes of games' images?"
Just to mislead people.

Any of CRC32, MD5 and SHA-1 is not secure. But all combined?

reentrant wrote:

Any of CRC32, MD5 and SHA-1 is not secure. But all combined?

All combined and with a specific file size as per current dats, there should be an astronomically small chance of a hash collision, even if someone tried to do this intentionally. I don't think our roms can be faked with the current level of knowledge.

I don't think it's practical to fake ROMs currently, but in the future it may be, so I think it'd be a good idea to get future-proof hashes before that point arrives.

7 (edited by wiggy2k 2020-01-13 18:36:34)

Didn't it take Google engineers like 100 years of CPU time to do a POC collision for SHA-1?

Edit: nope, I was a mile off:

    Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total
    6,500 years of CPU computation to complete the attack first phase
    110 years of GPU computation to complete the second phase

I don't think we have anything to be worried about there for the foreseeable future.
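
An added example, not part of any post in this thread and not redump's own tooling: a one-pass check of an image against a record holding size, CRC32, MD5 and SHA-1 together, as discussed above, with an optional SHA-256 field as proposed in the first post. The field names, the sample bytes and the sample record are constructed for illustration.

```python
import hashlib
import io
import zlib

def fingerprint(stream, chunk_size=1 << 20):
    """Read the stream once and return its size plus all four digests."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    crc, size = 0, 0
    while chunk := stream.read(chunk_size):
        size += len(chunk)
        crc = zlib.crc32(chunk, crc)      # running CRC32 over the chunks
        for h in (md5, sha1, sha256):
            h.update(chunk)
    return {
        "size": size,
        "crc32": f"{crc:08x}",
        "md5": md5.hexdigest(),
        "sha1": sha1.hexdigest(),
        "sha256": sha256.hexdigest(),
    }

def mismatches(record, actual):
    """Return the sorted names of record fields the image fails to match.

    Fields missing from the record (e.g. sha256 on entries that predate
    the proposed field) are skipped, so older records still verify.
    """
    return sorted(
        name for name, expected in record.items()
        if name in actual and str(expected).lower() != str(actual[name]).lower()
    )

# Constructed sample: a three-byte "image" and its record (hypothetical layout).
SAMPLE_IMAGE = b"abc"
SAMPLE_RECORD = {
    "size": 3,
    "crc32": "352441c2",
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}

if __name__ == "__main__":
    good = fingerprint(io.BytesIO(SAMPLE_IMAGE))
    print("matching image:", mismatches(SAMPLE_RECORD, good) or "OK")
    # Same size, one byte changed: every digest must be reported, size must not.
    bad = fingerprint(io.BytesIO(b"abd"))
    print("altered image: ", mismatches(SAMPLE_RECORD, bad))
```

A record verifies only when every field it carries matches, so a substitute image would have to collide on all of them at the recorded size.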