Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to sha256 #3

Open
ghost opened this issue Oct 21, 2016 · 3 comments
Open

Switch to sha256 #3

ghost opened this issue Oct 21, 2016 · 3 comments

Comments

@ghost
Copy link

ghost commented Oct 21, 2016
edited by ghost
Loading

Sha1 has known collisions. While it is not yet practical to attack a CacheP2P site by creating sha1 collisions.

CacheP2P should switch to sha256.

Yes, I know webtorrent only supports sha1, but this is still something to note.
@guerrerocarlos
Copy link
Owner

This very important, thanks for pointing it out.

@ghost
Copy link
Author

ghost commented Oct 23, 2016

Hey @guerrerocarlos , when you create the torrents, you could put a seperate text file inside the torrents with a sha256 hash, then you could just check the hash in that file.

@ghost
Copy link
Author

ghost commented Feb 23, 2017

@guerrerocarlos There was a relatively practical sha1 collision found: http://shattered.io/

Anyone with sufficient resources can break current torrent systems. This includes cachep2p.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@guerrerocarlos