[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] New Software: P2P filesharing designed to use Tor



Hi there,
thanks for your suggestion. I considered the proposal to have separate hashes 
computed for the files. 
I would not track separate hashes for the reason of possible programming errors, 
but for user purposis, e.g. if a users wants to check if a file contains a virus, using 
a webservice which takes file hashes.

I would consider such a feature but currently the software is not used by people, 
so no urge need to have this feature :)

https://github.com/FreedomFighter1/SecureLoad





-----Original Message-----
From: "SecTech" [tech@xxxxxxxxxxx]
Date: 01/08/2015 11:55 AM
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] New Software: P2P filesharing designed to use Tor

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I don't meant to change the hash funktion from SHA-1 to SHA-256, I
meant to hash the 100 KB blocks and the higher level hashes with SHA-1
and to provide a SHA-256 hash that is generated from the file itself
too.
Because two hashes are more secure than one, even if one of them is
broken, because if someone can find a collision in one hash he can't
find a collision in the second at the same time.

The two hash method is only mode secure than a single hash, if someone
can't reverse calculate an information out of the hash. But SHA-1 is so
far I know only vulnarable to collisions at some specific conditions.

Maybe it will be mode secure to use RIPE-MD 160 for hashing the tree
hashes and provide a SHA-256 hash for the whole file too.


- -- 
SecTech <tech@xxxxxxxxxxx>
GPG-ID: 0x364CFE05

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUrrZXAAoJENR4jiM2TP4FMbQP/jg8gBN+5xiSrx7rVOn/EvEl
OLzEUsrOwNWZ2nbDz2GRMWTRmieBxRxnpp8IYkWjVry7h2hEkfAGTWTF1zlj5KPJ
wNHxBb6Mlw9vlW79nnEdtgkANHgnlrxG/Gg0OYfV8YYquf5OMHvkXVwhv02U4sSr
NxpIFTCg98gXX5297Prn5Ro/n1IECmJuCnh2+qNMB0GdZSwPB3L210/nltkhGcBI
QV1jHc/AevLD4/QgdtV3iYmAHrIrmJ1wdXrlTMQXmmjQcuKL5keFBFXyWjwLBJeW
RO/SK+ph6WCIQrl9CZds3VNvDdR42gb8H8JftGUJv5hyEgiWTfnyD5tCFKi2XBg2
WzzZ+1kebeO0BDTZupgKQqwPc4aG/YrThk3EIX+YJ0vDqIyweTU01SLvapZ/TVS2
zqfroqZTJ43i1j/s275fUyQohUuPlAsViVLt3sOY/REfHwxxYfiiLrp8IEuZWRlT
w6jFxEwvao8o2UJXJ/fFsnJZG47JoXXTcNA8jvNxEqdzzCVrDFm3yWj+ftO+KxsI
nMrdAkvYEG3K7prw+5RY9RvSeRh7WSaaOfcTBFtk5S4d/dWwknTSgN4uFksgvbdy
dMrWNcBXPinLC6YNjKZZ6dTYll13jtC+RwuSmkjDjeOV6PWyiunyr6n6zP5tVZ4j
bGH914P8fcG3+mVuvLK6
=y6wA
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk