@Edent What, if any, security properties does your application require?
Do you need to prevent an attacker from producing a file with a specific hash value?
Do you need to prevent an attacker from producing two files with the same hash?
@ryanc I'm noodling around in a demo database - nothing prod facing.
But this is to try and prevent an attacker from producing a file with a specific hash.
So I'm assuming SHA over MD5?
@Edent There isn't any known attack against MD5 which would allow producing a file with a specific hash, but using it is very "fuck around and find out".
If you can't use BLAKE2/3 with a specified output size, use HMAC-SHA-256 with a fixed key such as "output truncated to 128 bits" to provide domain separation, then truncate.
There's some standard way to truncate SHA-256 to 128 bits, but I can't remember what spec it's in.
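The two constructions the reply above describes, written out as an added example in Python's standard library (this is not code from the thread or from either poster). The fixed HMAC key is the label the reply suggests; the sample file contents are constructed for the demo, and the naive truncated-SHA-256 function is included only to show what the domain separation buys you:

```python
import hashlib
import hmac

# Fixed, public key used only for domain separation (label taken from the post above).
DOMAIN_KEY = b"output truncated to 128 bits"
OUT_BYTES = 16  # 128-bit output


def truncated_hmac_sha256(data: bytes) -> bytes:
    """HMAC-SHA-256 under a fixed public label, truncated to 128 bits.

    The key is not secret. Its purpose is to make this value distinct from a
    plain SHA-256 over the same input, so someone holding the full SHA-256 of
    a file cannot simply chop it down to obtain this identifier.
    """
    return hmac.new(DOMAIN_KEY, data, hashlib.sha256).digest()[:OUT_BYTES]


def blake2b_128(data: bytes) -> bytes:
    """BLAKE2b with a native 128-bit output.

    digest_size is part of BLAKE2's parameter block, so blake2b(digest_size=16)
    is a different function from the first 16 bytes of the default 64-byte digest.
    """
    return hashlib.blake2b(data, digest_size=OUT_BYTES).digest()


def plain_sha256_truncated(data: bytes) -> bytes:
    """Naive truncation, for comparison only: identical to the first 16 bytes of
    the full SHA-256 digest, so it offers no domain separation."""
    return hashlib.sha256(data).digest()[:OUT_BYTES]


def naive_is_prefix_of_full_sha256(data: bytes) -> bool:
    """True: the naive value is just a prefix of the untruncated digest."""
    return plain_sha256_truncated(data) == hashlib.sha256(data).digest()[:OUT_BYTES]


def blake2b_128_is_prefix_of_full_blake2b(data: bytes) -> bool:
    """False: a 16-byte BLAKE2b digest is not a prefix of the 64-byte one."""
    return blake2b_128(data) == hashlib.blake2b(data).digest()[:OUT_BYTES]


def verify(data: bytes, expected: bytes) -> bool:
    """Constant-time comparison of a stored 128-bit value against fresh data."""
    return hmac.compare_digest(truncated_hmac_sha256(data), expected)


if __name__ == "__main__":
    sample = b"constructed sample file contents\n"  # constructed input, not a real file
    print("HMAC-SHA-256/128 :", truncated_hmac_sha256(sample).hex())
    print("BLAKE2b-128      :", blake2b_128(sample).hex())
    print("SHA-256 prefix   :", plain_sha256_truncated(sample).hex())
    print("naive is prefix  :", naive_is_prefix_of_full_sha256(sample))
    print("blake2b is prefix:", blake2b_128_is_prefix_of_full_blake2b(sample))
```

Store whichever 128-bit value you pick and check it with `verify`, which uses `hmac.compare_digest` so a lookup against a stored value does not leak timing. If you later change the label or the output length, every stored value changes with it, which is the point of baking those choices into the function rather than into a post-hoc slice.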