CacheP2P icon indicating copy to clipboard operation
CacheP2P copied to clipboard

Published 20 hours ago verified publisher icon guerrerocarlos

Switch to sha256

Open ghost opened this issue 8 years ago • 3 comments

Sha1 has known collisions. While it is not yet practical to attack a CacheP2P site by creating sha1 collisions.

CacheP2P should switch to sha256.

Yes, I know webtorrent only supports sha1, but this is still something to note.

ghost avatar Oct 21 '16 01:10 ghost

This very important, thanks for pointing it out.

guerrerocarlos avatar Oct 21 '16 11:10 guerrerocarlos

Hey @guerrerocarlos , when you create the torrents, you could put a seperate text file inside the torrents with a sha256 hash, then you could just check the hash in that file.

ghost avatar Oct 23 '16 01:10 ghost

@guerrerocarlos There was a relatively practical sha1 collision found: http://shattered.io/

Anyone with sufficient resources can break current torrent systems. This includes cachep2p.

ghost avatar Feb 23 '17 15:02 ghost