-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use collision-detecting SHA1 alg #57
Comments
I felt inspire to poke at this recently and it seemed easy enough aschmahmann/go-sha1collisiondetection#1. However, I can't see how I would register this in go-multihash since the registry takes a Perhaps this is the only hash function that can result in an error, but I could see other scenarios such as hash functions that only work for data of a particular format that's not fixable by just padding zeros. Note: there's also a difference between |
Fallible hashers are... annoying. The rust API doesn't make any room for them either. One solution would be to change the hash digest. E.g., if we run into a "broken" hash, we take the first 128 bits of a sha256 hash instead. Also note: we probably don't want to require cgo for this library, if at all possible. |
It's possible to detect cryptanalytic collision attacks on SHA1, there is a lib in C which implements SHA1 with this 'extension' - https://github.com/cr-marcstevens/sha1collisiondetection, we should consider using that here.
The text was updated successfully, but these errors were encountered: