Project

General

Profile

Emulator Issues #11520

Add SHA1 hashing algorithm for checking disc images

Added by Jebeld17@gmail.com 4 months ago. Updated 14 days ago.

Status:
Fixed
Priority:
Low
Assignee:
-
% Done:

0%

Operating system:
N/A
Issue type:
Feature request
Milestone:
Regression:
No
Relates to usability:
No
Relates to performance:
No
Easy:
No
Relates to maintainability:
No
Regression start:
Fixed in:
5.0-9950

Description

MD5Sums are the preferred way (and only way) included in Dolphin to check the integrity of my game files, but MD5 has known flaws, downsides, and vulnerabilities.

With these problems MD5 has, newer methods of file hashing have been replacing MD5 in most programs - such as MD256, MD512, and higher. It's time Dolphin gains official support and the in-app tools to support these more complex algorithms, too, and help push MD5 to the past.

History

#1 Updated by Jebeld17@gmail.com 4 months ago

*SHA256

#2 Updated by JosJuice 4 months ago

  • Issue type changed from Bug to Feature request
  • Status changed from New to Accepted
  • Subject changed from Replace MD5SUM with ≥MD256SUMs to Add better hashing algorithms for checking disc images

We won't remove the option to calculate MD5, since it (along with SHA1) is commonly used in lists of hashes that you can find online. Adding the ability to also calculate SHA256 makes sense, though.

#3 Updated by Jebeld17@gmail.com 4 months ago

Thank you :-)
With this said, ≥ SHA256 should definitely be the default choice for Dolphin and warnings should be in-place for users stating the implications of MD5.

JosJuice wrote:

We won't remove the option to calculate MD5, since it (along with SHA1) is commonly used in lists of hashes that you can find online. Adding the ability to also calculate SHA256 makes sense, though.

#4 Updated by BhaaL 4 months ago

Those hashes are used for integrity, not security, so they do not really matter that much.
As already mentioned, the goal is to provide some sort of comparison value (to verify whether a dump is good or not) against well-known public lists (such as GameTDB amongst others).

#5 Updated by Billiard26 4 months ago

Is there even a database of GC/Wii game non-md5 checksums to compare to..?

#6 Updated by JosJuice 4 months ago

Redump uses CRC32/MD5/SHA1, and GameTDB does the same. I don't think there is any database that is using SHA256, really...

#7 Updated by Billiard26 4 months ago

I'm only seeing md5 on GameTDB. At least for the few (very popular) games that I looked at. MD5 definitely seems to be the most popular and it does the job (of testing integrity) just fine.

#8 Updated by Armada 4 months ago

The only possible security issue I can see is if someone were to make malware for Dolphin and then manages to make its hash collide with a legitimate game for extra points.

I doubt anyone would go through that much trouble, because no one would check the MD5 anyway before running the ISO.

#9 Updated by JosJuice 4 months ago

Not all games have all types of hashes on GameTDB, but those are the three types of hashes that the GameTDB database supports. https://www.gametdb.com/Wii/RSBE01 is an example of a game that has all three types.

#10 Updated by Billiard26 about 2 months ago

  • Priority changed from Normal to Low
  • Subject changed from Add better hashing algorithms for checking disc images to Add SHA1 hashing algorithm for checking disc images

I think SHA1 would be the only reasonable addition then? I don't think anyone really wants CRC32 and there lacks a database of SHA256 hashes.

Here's an implementation someone can copy-pasta into Dolphin: https://www.boost.org/doc/libs/1_65_0/boost/uuid/sha1.hpp

#11 Updated by JosJuice 26 days ago

  • Status changed from Accepted to Fix pending

#12 Updated by JosJuice 14 days ago

  • Fixed in set to 5.0-9950
  • Status changed from Fix pending to Fixed

Also available in: Atom PDF