Signed recent changes

Alex Anderson
2022-05-18 01:29:18 +00:00
parent 0fa726f9d5
commit 0d33cd5317
117 changed files with 780 additions and 780 deletions

@@ -1146,7 +1146,7 @@
<li><p>Password Storage:</p>
<ul>
<li><p>Prefer: Argon2, scrypt</p></li>
<li><p>If these arent options, use bcrypt, or if not possible at least PBKDF2 (only as a last resort)f</p></li>
<li><p>If these arent options, use bcrypt, or if not possible at least PBKDF2 (only as a last resort)</p></li>
<li><p>Be skeptical of Argon2d, as its vulnerable to some forms of side-channels. Prefer Argon2i or Argon2id</p></li>
<li><p>Avoid: SHA-3, SHA-2, SHA-1, MD5</p></li>
</ul></li>
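Review bot: The "Avoid: SHA-3, SHA-2, SHA-1, MD5" item in the context just below the changed line gives no reason and no scope, while a later section of the same document recommends SHA-256 for file integrity. A reader can take the two as contradictory. Consider scoping the item to this list, for example "Avoid for password storage: SHA-3, SHA-2, SHA-1, MD5 (fast general-purpose hashes, not password hashing functions)". The removal of the stray "f" after "(only as a last resort)" is correct. While touching this list, "arent" and "its vulnerable" in the neighbouring items also need apostrophes if they are missing in the source rather than lost in rendering.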
@@ -9240,7 +9240,7 @@ PDF-Redact Tools (L)
<p>Usually, integrity checks<a href="#fn499" class="footnote-ref" id="fnref499" role="doc-noteref"><sup>499</sup></a> are done using hashes of files (usually stored within checksum files). Older files could use CRC<a href="#fn500" class="footnote-ref" id="fnref500" role="doc-noteref"><sup>500</sup></a>, more recently MD5<a href="#fn501" class="footnote-ref" id="fnref501" role="doc-noteref"><sup>501</sup></a> but those present several weaknesses (CRC, MD5<a href="#fn502" class="footnote-ref" id="fnref502" role="doc-noteref"><sup>502</sup></a>) that make them unreliable for file integrity checks (which does not mean they are not still widely used in other contexts).</p>
<p>This is because they do not prevent Collision<a href="#fn503" class="footnote-ref" id="fnref503" role="doc-noteref"><sup>503</sup></a> well enough and could allow an adversary to create a similar but malicious file that would still produce in the same CRC or MD5 hash despite having different content.</p>
<p>For this reason, it is usually recommended to use SHA-based<a href="#fn504" class="footnote-ref" id="fnref504" role="doc-noteref"><sup>504</sup></a> hashes and the most used is probably the SHA-2<a href="#fn505" class="footnote-ref" id="fnref505" role="doc-noteref"><sup>505</sup></a> based SHA-256 for verifying file integrity. SHA is much more resistant to collisions<a href="#fn506" class="footnote-ref" id="fnref506" role="doc-noteref"><sup>506</sup></a> than CRC and MD5. And collisions with SHA-256 or SHA-512 are rare and hard to compute for an adversary.</p>
<p>If a SHA-256 checksum is available from the source of the file, you should not hesitate to use it to confirm the integrity of the file. <em>Note: SHA-1 is not recommended.</em></p>
<p>If a SHA-256 checksum is available from the source of the file, you should not hesitate to use it to confirm the integrity of the file. Note that SHA-1 is not recommended, but is better than not having a hash to compare.</p>
<p>This checksum should itself be authenticated/trusted and should be available from an authenticated/trusted source (obviously you should not trust a file just because it has a checksum attached to it alone).</p>
<p>In the case of this guide, the SHA-256 checksums are available for each file including the PDFs but are also authenticated using a GPG signature allowing you to verify the authenticity of the checksum. This will bring us to the next section about authenticity.</p>
<p>So how to check checksums? (In this case SHA-256 but you could change to SHA-512</p>
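Review bot: The added clause "but is better than not having a hash to compare" does not say what a SHA-1 checksum is still good for, and the paragraphs just above reject CRC and MD5 precisely because an adversary can produce a colliding file. As written, the sentence can be read as accepting SHA-1 against that same adversary. Suggest qualifying it, for example "Note that SHA-1 is not recommended; if it is the only checksum published, it still detects accidental corruption but should not be relied on against deliberate tampering". Two nits in the surrounding context lines: "would still produce in the same CRC or MD5 hash" has a stray "in", and the last line opens a parenthesis at "(In this case SHA-256" that is not closed in the visible text.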