Emulator Issues #11520
closed
Add SHA1 hashing algorithm for checking disc images
0%
Description
MD5Sums are the preferred way (and only way) included in Dolphin to check the integrity of my game files, but MD5 has known flaws, downsides, and vulnerabilities.
With these problems MD5 has, newer methods of file hashing have been replacing MD5 in most programs - such as MD256, MD512, and higher. It's time Dolphin gains official support and the in-app tools to support these more complex algorithms, too, and help push MD5 to the past.
Updated by JosJuice over 5 years ago
- Subject changed from Replace MD5SUM with ≥MD256SUMs to Add better hashing algorithms for checking disc images
- Status changed from New to Accepted
- Issue type changed from Bug to Feature request
We won't remove the option to calculate MD5, since it (along with SHA1) is commonly used in lists of hashes that you can find online. Adding the ability to also calculate SHA256 makes sense, though.
Updated by Jebeld17@gmail.com over 5 years ago
Thank you :-)
With this said, ≥ SHA256 should definitely be the default choice for Dolphin and warnings should be in-place for users stating the implications of MD5.
JosJuice wrote:
We won't remove the option to calculate MD5, since it (along with SHA1) is commonly used in lists of hashes that you can find online. Adding the ability to also calculate SHA256 makes sense, though.
Updated by BhaaL over 5 years ago
Those hashes are used for integrity, not security, so they do not really matter that much.
As already mentioned, the goal is to provide some sort of comparison value (to verify whether a dump is good or not) against well-known public lists (such as GameTDB amongst others).
Updated by Billiard26 over 5 years ago
Is there even a database of GC/Wii game non-md5 checksums to compare to..?
Updated by JosJuice over 5 years ago
Redump uses CRC32/MD5/SHA1, and GameTDB does the same. I don't think there is any database that is using SHA256, really...
Updated by Billiard26 over 5 years ago
I'm only seeing md5 on GameTDB. At least for the few (very popular) games that I looked at. MD5 definitely seems to be the most popular and it does the job (of testing integrity) just fine.
Updated by Armada over 5 years ago
The only possible security issue I can see is if someone were to make malware for Dolphin and then manages to make its hash collide with a legitimate game for extra points.
I doubt anyone would go through that much trouble, because no one would check the MD5 anyway before running the ISO.
Updated by JosJuice over 5 years ago
Not all games have all types of hashes on GameTDB, but those are the three types of hashes that the GameTDB database supports. https://www.gametdb.com/Wii/RSBE01 is an example of a game that has all three types.
Updated by Billiard26 about 5 years ago
- Subject changed from Add better hashing algorithms for checking disc images to Add SHA1 hashing algorithm for checking disc images
- Priority changed from Normal to Low
I think SHA1 would be the only reasonable addition then? I don't think anyone really wants CRC32 and there lacks a database of SHA256 hashes.
Here's an implementation someone can copy-pasta into Dolphin: https://www.boost.org/doc/libs/1_65_0/boost/uuid/sha1.hpp
Updated by JosJuice about 5 years ago
- Status changed from Accepted to Fix pending
SHA1 is added in https://github.com/dolphin-emu/dolphin/pull/7922
Updated by JosJuice about 5 years ago
- Status changed from Fix pending to Fixed
- Fixed in set to 5.0-9950