Use collision-detecting SHA1 alg
magik6k opened this issue · 2 comments
It's possible to detect cryptanalytic collision attacks on SHA1; there is a lib in C which implements SHA1 with this 'extension' (https://github.com/cr-marcstevens/sha1collisiondetection). We should consider using that here.
I felt inspired to poke at this recently and it seemed easy enough: aschmahmann/go-sha1collisiondetection#1.
However, I can't see how I would register this in go-multihash since the registry takes a `hash.Hash` (https://pkg.go.dev/hash#Hash), which inconveniently has no way of returning an error when calling `Sum`. Is it worth introducing any breaking changes here? cc @Stebalien @warpfork @magik6k
Perhaps this is the only hash function that can result in an error, but I could see other scenarios such as hash functions that only work for data of a particular format that's not fixable by just padding zeros.
Note: there's also a difference between `Sum` and `Finalize` in the underlying C library in that the C library modifies the internal state and doesn't append bytes to the end of a slice, but those are very fixable.
Fallible hashers are... annoying. The rust API doesn't make any room for them either.
One solution would be to change the hash digest. E.g., if we run into a "broken" hash, we take the first 128 bits of a sha256 hash instead.
Also note: we probably don't want to require cgo for this library, if at all possible.
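An added example (not code from go-multihash or go-sha1collisiondetection) showing one way to fit a fallible hasher behind `hash.Hash` and to apply the fallback proposed above: the detector is a hypothetical stand-in for the C library's collision check, and the wrapper records the verdict for the caller to read through `Err()` since `Sum` cannot return it.

```go
package main

import (
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"hash"
)

// ErrCollisionDetected is the error hash.Hash.Sum has no way to return.
var ErrCollisionDetected = errors.New("sha1: cryptanalytic collision detected")

// collisionSHA1 adapts a fallible SHA-1 to hash.Hash: Sum cannot fail, so the
// detector verdict is recorded and exposed through Err() for callers to check.
type collisionSHA1 struct {
	hash.Hash
	detect func([]byte) bool // hypothetical stand-in for the C library's check
	seen   []byte            // buffered only because this stand-in is whole-message
	err    error
}

func newCollisionSHA1(detect func([]byte) bool) *collisionSHA1 {
	return &collisionSHA1{Hash: sha1.New(), detect: detect}
}

func (c *collisionSHA1) Write(p []byte) (int, error) {
	c.seen = append(c.seen, p...)
	return c.Hash.Write(p)
}

func (c *collisionSHA1) Sum(b []byte) []byte {
	if c.detect(c.seen) {
		c.err = ErrCollisionDetected
	}
	return c.Hash.Sum(b)
}

func (c *collisionSHA1) Err() error { return c.err }
func (c *collisionSHA1) Reset() { c.seen, c.err = nil, nil; c.Hash.Reset() }

// digestOrFallback returns the SHA-1 digest or, when a collision attack is
// flagged, the first 128 bits of SHA-256 as proposed above (bool = fallback used).
func digestOrFallback(data []byte, detect func([]byte) bool) ([]byte, bool) {
	h := newCollisionSHA1(detect)
	h.Write(data)
	if d := h.Sum(nil); h.Err() == nil {
		return d, false
	}
	s := sha256.Sum256(data)
	return s[:16], true
}
```

A caller that only sees the registry's `hash.Hash` never learns about the error, which is the breaking-change question raised above; the `Err()` method only helps code that knows the concrete type.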