-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Security Considerations #131
Comments
perhaps you could start a pull request if you have some in mind that are worth listing? |
@rvagg not a crypto expert, but a starting point could be to evaluate every single threat in https://www.rfc-editor.org/rfc/rfc8725.html and check if that's applicable. I'm trying to get some feedback via twitter https://twitter.com/EnricoBassetti/status/1303390299662811141 too... |
So, multihash isn't a prescription for how to hash, what to hash or even what to do with a hash, other than how to present one in a portable way. Hashing algorithms themselves are well beyond the scope of this project, there are plenty of flawed ones and multihash doesn't assert opinions on those itself, it's simply a means of presenting a digest in a portable way so that you can transmit and store them and retain information about the hashing function used and the length of the digest, that's it. It's possible that there are interesting security considerations related to that narrow purpose that might be worth mentioning, but we need to be clear on the limitations of this project and the scope of what it's trying to achieve. It's certainly not trying to do anything so broad as JWT, and the burden of responsible and safe use of hash functions isn't something that belongs here. |
Those statements can be a basis for the Security Considerations, like your FAQ on md5 and sha-1. My understanding is that SC can even contain the rationale of design choices that make multihash more secure respect to other specs (Eg. we decided to encode parameters inside the hash to avoid parameter-substitution attacks .... ) About varints, some considerations should detail something like (eg. https://datatracker.ietf.org/doc/html/draft-multiformats-multihash-01#section-2.1.1) Another could investigate better about the usage of length to address truncation algorithms: I don't claim it's bad, just that those points should be explained to a reader which want to use multihash but want to some more discussion respect to the ones contained in the FAQ. Another consideration can be about the encoding:
it is not clear to me whether the multihash is a binary representation or an hex-ascii-string representation. I think somebody with a bit of knowledge in this fields should help us in filing some questions and provide answers :) |
Always binary. String representations are produced using multibase, so anything that isn’t multibase is talking about the binary representation. |
I expect
to have Security Considerations
The text was updated successfully, but these errors were encountered: