Upgrade Checksum algorithms #6634
Should be easy to add but nothing planned atm. Also not sure if the security implications of SHA1 also apply to its usage in non-cryptographic contexts (checksums) as we also still support MD5 and ADLER32 which are even more broken in this regard.
The client is already using the checksum as content hash to detect if the file was changed in order to avoid uploading the file if the checksum is the same. In the future, with #5867, we would even do a COPY instead of re-uploading the files with the same contents. We probably do not need to worry about a collision attack (or should we?) but if users upload these collision files, we would have a bug right now.
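The skip-upload decision discussed above, as an added Python sketch that is not code from this pull request or from the ownCloud client: it shows a matching weak checksum hiding a content change, and a check that refuses to trust types below a chosen minimum. The `TYPE:hex` layout, the function names, the strength order and the `minimum` policy are assumptions; the two byte strings are constructed samples.

```python
import hashlib
import zlib

# Type names as used in the thread, mapped to hashlib names. The "TYPE:hex"
# layout and the strength order below are assumptions of this sketch.
HASHLIB_NAMES = {"MD5": "md5", "SHA1": "sha1",
                 "SHA256": "sha256", "SHA3-256": "sha3_256"}
STRENGTH = ["ADLER32", "MD5", "SHA1", "SHA256", "SHA3-256"]  # weakest first

# Constructed samples: different content, identical Adler-32 value.
OLD = b"abc"
NEW = b"b`d"


def digest(data: bytes, ctype: str) -> str:
    """Lower-case hex digest of data under the named checksum type."""
    if ctype == "ADLER32":
        return "%08x" % (zlib.adler32(data) & 0xFFFFFFFF)
    if ctype not in HASHLIB_NAMES:
        raise ValueError("unsupported checksum type: %r" % ctype)
    return hashlib.new(HASHLIB_NAMES[ctype], data).hexdigest()


def compute_checksum(data: bytes, ctype: str) -> str:
    """Return 'TYPE:hexdigest' for the content."""
    return "%s:%s" % (ctype, digest(data, ctype))


def naive_can_skip(stored: str, data: bytes) -> bool:
    """Treat the file as unchanged whenever the stored checksum matches."""
    ctype, _, hexval = stored.partition(":")
    return digest(data, ctype) == hexval.lower()


def can_skip_upload(stored: str, data: bytes, minimum: str = "SHA1") -> bool:
    """Skip only on a match under a type at least as strong as `minimum`."""
    ctype = stored.partition(":")[0]
    if ctype not in STRENGTH or STRENGTH.index(ctype) < STRENGTH.index(minimum):
        return False  # unknown or too weak: upload rather than trust the match
    return naive_can_skip(stored, data)


if __name__ == "__main__":
    weak = compute_checksum(OLD, "ADLER32")
    print("naive skip on changed file:", naive_can_skip(weak, NEW))
    print("policy skip on changed file:", can_skip_upload(weak, NEW))
    strong = compute_checksum(OLD, "SHA256")
    print("SHA256 skip on changed file:", can_skip_upload(strong, NEW))
```
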
Isn't the longest string the most accurate one? Especially if the Qt enums are called similarly.
In case, some day, the server also supports it
Right, so I changed the string value to "SHA256" and "SHA3-256". Also I could have chosen the 224-bit variant, but the 256 variant is the most used.
Should I create an issue for this? /cc @PVince81
@IljaN please create a core issue to schedule an upgrade. @settermjd any thoughts on the above?
Core issue: owncloud/core#32071
The first commit moves the checksum code from filesystembase.cpp to checksum.cpp, where it belongs. I don't want to add more wrappers around QCryptographicHash in filesystem, or include QCryptographicHash from there.
The second commit adds support for "SHA2" (SHA256) and "SHA3" (SHA3-256).
SHA-1 has already been deprecated for 10 years. We should at least support new algorithms so the server will also be able to support them.
SHA-1 is still the default contents checksum as this is what the server supports and we want to use the same.
To be bikeshedded: the name of the string "SHA2" and "SHA3" or should it be "SHA256" and "SHA3-256"
@IljaN What about server support?