I think it would be a good idea to include a SHA256 or similar checksum for each of the official databases that way we can verify if files may have been tampered with during download as well as verify databases from other sources are the same (i.e I have some old RF databases which I would like to check against the breached ones).

We already include MD5, see the spoiler https://breached.to/Thread-000webhost-Database-Leaked-Download

(October 20, 2022, 12:06 AM)pompompurin Wrote: We already include MD5, see the spoiler https://breached.to/Thread-000webhost-Database-Leaked-Download

ah sorry wasn't paying attention please disregard this suggestion then although it might be nice including that with the official post here or in one place: https://breached.to/Announcement-Database-Index so we can quickly search through the hashes.

(October 20, 2022, 12:06 AM)pompompurin Wrote: We already include MD5, see the spoiler https://breached.to/Thread-000webhost-Database-Leaked-Download

I think we should use a different algorithm personally, MD5 has been collision prone for a long time now (but I don't know to what extent).

(October 20, 2022, 12:12 AM)God Wrote:

(October 20, 2022, 12:06 AM)pompompurin Wrote: We already include MD5, see the spoiler https://breached.to/Thread-000webhost-Database-Leaked-Download

I think we should use a different algorithm personally, MD5 has been collision prone for a long time now (but I don't know to what extent).

I don't really think collisions are much of a concern for file integrity checks since the chances off running into 2 different files (let alone 2 different db's/leaks) with the same hash is incredibly small unless your aiming to do that. Passwords/strings is a different matter however.

(October 20, 2022, 12:15 AM)DataDumper Wrote:

(October 20, 2022, 12:12 AM)God Wrote:

(October 20, 2022, 12:06 AM)pompompurin Wrote: We already include MD5, see the spoiler https://breached.to/Thread-000webhost-Database-Leaked-Download

I think we should use a different algorithm personally, MD5 has been collision prone for a long time now (but I don't know to what extent).

I don't really think collisions are much of a concern for file integrity checks since the chances off running into 2 different files (let alone 2 different db's/leaks) with the same hash is incredibly small unless your aiming to do that. Passwords/strings is a different matter however.

Likely it will never happen accidentally, but I was thinking of such an attack like this (using SHA1 as an example): https://shattered.io/

Marking as accepted since its already a feature (MD5 Hashes)

Collisions aren't really a concern