multiformats/go-multihash

Use collision-detecting SHA1 alg

magik6k opened this issue · 2 comments

It's possible to detect cryptanalytic collision attacks on SHA1; there is a lib in C which implements SHA1 with this 'extension' - https://github.com/cr-marcstevens/sha1collisiondetection - and we should consider using that here.

I felt inspired to poke at this recently and it seemed easy enough: aschmahmann/go-sha1collisiondetection#1.

However, I can't see how I would register this in go-multihash since the registry takes a hash.Hash (https://pkg.go.dev/hash#Hash) which inconveniently has no way of returning an error when calling sum. Is it worth introducing any breaking changes here? cc @Stebalien @warpfork @magik6k

Perhaps this is the only hash function that can result in an error, but I could see other scenarios such as hash functions that only work for data of a particular format that's not fixable by just padding zeros.

Note: there's also a difference between Sum and Finalize in the underlying C library in that the C library modifies the internal state and doesn't append bytes to the end of a slice, but those are very fixable.

Fallible hashers are... annoying. The rust API doesn't make any room for them either.

One solution would be to change the hash digest. E.g., if we run into a "broken" hash, we take the first 128 bits of a sha256 hash instead.

Also note: we probably don't want to require cgo for this library, if at all possible.
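The two design points raised in the thread (a `hash.Hash` whose `Sum` cannot report an error, and the suggested fallback of substituting the first 128 bits of a SHA-256 digest when the SHA-1 computation is flagged as broken) can be sketched as an adapter. The code below is an added example written for this discussion; it is not code from go-multihash, go-sha1collisiondetection or the upstream C library. It assumes a hypothetical `CheckedHash` interface with a `SumChecked` method that may fail, and it uses a constructed stand-in detector (plain `crypto/sha1` that flags any input containing the literal `COLLISION`) in place of the real collision-detecting compression function, so that the plumbing runs without cgo.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
	"hash"
)

// ErrCollision stands in for the error a collision-detecting SHA-1 would return.
var ErrCollision = errors.New("sha1: cryptanalytic collision detected")

// CheckedHash is a hypothetical interface (not part of go-multihash) for a
// hasher whose finalisation can fail.
type CheckedHash interface {
	hash.Hash
	// SumChecked appends the digest to b like Sum, but may report an error instead.
	SumChecked(b []byte) ([]byte, error)
}

// toySHA1 is a constructed stand-in: ordinary crypto/sha1 that "detects" a
// collision whenever a single Write contains the marker below. The real
// detector inspects the compression function's state; this only exercises
// the error path.
type toySHA1 struct {
	hash.Hash
	flagged bool
}

var marker = []byte("COLLISION")

func newToySHA1() *toySHA1 { return &toySHA1{Hash: sha1.New()} }

func (t *toySHA1) Write(p []byte) (int, error) {
	if bytes.Contains(p, marker) {
		t.flagged = true
	}
	return t.Hash.Write(p)
}

func (t *toySHA1) Reset() { t.flagged = false; t.Hash.Reset() }

func (t *toySHA1) SumChecked(b []byte) ([]byte, error) {
	if t.flagged {
		return nil, ErrCollision
	}
	return t.Hash.Sum(b), nil
}

// fallbackHash adapts a CheckedHash to hash.Hash. Since Sum has no error
// return, every byte is also fed to a SHA-256; when SumChecked fails, Sum
// returns the first 16 bytes (128 bits) of that SHA-256 digest instead and
// records the error so a caller can inspect it via Err.
type fallbackHash struct {
	inner CheckedHash
	alt   hash.Hash
	err   error
}

var _ hash.Hash = (*fallbackHash)(nil) // compile-time interface check

func newFallbackHash(inner CheckedHash) *fallbackHash {
	return &fallbackHash{inner: inner, alt: sha256.New()}
}

func (f *fallbackHash) Write(p []byte) (int, error) {
	f.alt.Write(p) // hash.Hash writers never return an error
	return f.inner.Write(p)
}

func (f *fallbackHash) Sum(b []byte) []byte {
	out, err := f.inner.SumChecked(b)
	if err != nil {
		f.err = err
		return append(b, f.alt.Sum(nil)[:16]...)
	}
	return out
}

func (f *fallbackHash) Reset()         { f.err = nil; f.inner.Reset(); f.alt.Reset() }
func (f *fallbackHash) Size() int      { return f.inner.Size() }
func (f *fallbackHash) BlockSize() int { return f.inner.BlockSize() }
func (f *fallbackHash) Err() error     { return f.err }

// digestWithFallback hashes data through the adapter and returns the digest
// together with any error recorded during Sum.
func digestWithFallback(data []byte) ([]byte, error) {
	h := newFallbackHash(newToySHA1())
	h.Write(data)
	return h.Sum(nil), h.Err()
}

func main() {
	for _, in := range []string{"hello", "abc COLLISION xyz"} {
		d, err := digestWithFallback([]byte(in))
		fmt.Printf("%-20q digest=%x (%d bytes) err=%v\n", in, d, len(d), err)
	}
}
```

Two things the example makes visible: the fallback digest is 16 bytes while `Size()` still reports 20, so a registry built on `hash.Hash` would have to distinguish the two outputs by length or by checking `Err()` after `Sum`, and the detector state must be cleared on `Reset()` or a flagged instance would keep returning the fallback after reuse.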