Signed recent changes

Alex Anderson
2022-05-18 00:39:09 +00:00
parent daeef609c1
commit 615e9a3092
117 changed files with 779 additions and 779 deletions


@@ -9240,7 +9240,7 @@ PDF-Redact Tools (L)
<p>Usually, integrity checks<a href="#fn499" class="footnote-ref" id="fnref499" role="doc-noteref"><sup>499</sup></a> are done using hashes of files (usually stored within checksum files). Older files could use CRC<a href="#fn500" class="footnote-ref" id="fnref500" role="doc-noteref"><sup>500</sup></a>, more recently MD5<a href="#fn501" class="footnote-ref" id="fnref501" role="doc-noteref"><sup>501</sup></a> but those present several weaknesses (CRC, MD5<a href="#fn502" class="footnote-ref" id="fnref502" role="doc-noteref"><sup>502</sup></a>) that make them unreliable for file integrity checks (which does not mean they are not still widely used in other contexts).</p>
<p>This is because they do not prevent Collision<a href="#fn503" class="footnote-ref" id="fnref503" role="doc-noteref"><sup>503</sup></a> well enough and could allow an adversary to create a similar but malicious file that would still produce in the same CRC or MD5 hash despite having different content.</p>
<p>For this reason, it is usually recommended to use SHA-based<a href="#fn504" class="footnote-ref" id="fnref504" role="doc-noteref"><sup>504</sup></a> hashes and the most used is probably the SHA-2<a href="#fn505" class="footnote-ref" id="fnref505" role="doc-noteref"><sup>505</sup></a> based SHA-256 for verifying file integrity. SHA is much more resistant to collisions<a href="#fn506" class="footnote-ref" id="fnref506" role="doc-noteref"><sup>506</sup></a> than CRC and MD5. And collisions with SHA-256 or SHA-512 are rare and hard to compute for an adversary.</p>
<p>If a SHA-256 checksum is available from the source of the file, you should not hesitate to use it to confirm the integrity of the file. <em>Note: SHA-1 </em></p>
<p>If a SHA-256 checksum is available from the source of the file, you should not hesitate to use it to confirm the integrity of the file. <em>Note: SHA-1 is not recommended.</em></p>
<p>This checksum should itself be authenticated/trusted and should be available from an authenticated/trusted source (obviously you should not trust a file just because it has a checksum attached to it alone).</p>
<p>In the case of this guide, the SHA-256 checksums are available for each file including the PDFs but are also authenticated using a GPG signature allowing you to verify the authenticity of the checksum. This will bring us to the next section about authenticity.</p>
<p>So how to check checksums? (In this case SHA-256 but you could change to SHA-512</p>
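Review bot: The completed note in the changed paragraph ("Note: SHA-1 is not recommended.") now conflicts with the unchanged paragraph just above it, which says "SHA is much more resistant to collisions than CRC and MD5" without excluding SHA-1. Consider narrowing that sentence to SHA-2 (the SHA-256 and SHA-512 variants the same paragraph already names) and giving the note its reason in a few words, for example that practical SHA-1 collisions have been demonstrated, so a reader who is only offered a SHA-1 checksum understands why it is weaker evidence of integrity. The note would also read better as its own sentence or paragraph rather than trailing the SHA-256 recommendation. Separately, the commit message "Signed recent changes" does not mention this text fix; a short mention would make the correction findable in history.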