Finished an incomplete sentence

This commit is contained in:
Alex Anderson
2022-05-18 00:18:04 +00:00
parent 82a93e4864
commit daeef609c1
118 changed files with 787 additions and 785 deletions

@@ -1126,7 +1126,7 @@
<li><p>Hashes:</p>
<ul>
<li><p>Prefer: SHA-3 or BLAKE2<a href="#fn272" class="footnote-ref" id="fnref272" role="doc-noteref"><sup>272</sup></a></p></li>
<li><p>Still relatively ok to use: SHA-2 (such as the widely used SHA256 or SHA512)</p></li>
<li><p>Still relatively ok to use: SHA-2 (such as the widely used SHA-256 or SHA-512)</p></li>
<li><p>Avoid: SHA-1, MD5 (unfortunately still widely used), CRC, MD6 (rarely used)</p></li>
</ul></li>
<li><p>File/Disk Encryption:</p>
@@ -1145,7 +1145,9 @@
</ul></li>
<li><p>Password Storage:</p>
<ul>
<li><p>Prefer: argon2, scrypt, bcrypt, or if not possible at least PBKDF2 (only as a last resort)</p></li>
<li><p>Prefer: Argon2, scrypt</p></li>
<li><p>If these arent options, use bcrypt, or if not possible at least PBKDF2 (only as a last resort)f</p></li>
<li><p>Be skeptical of Argon2d, as its vulnerable to some forms of side-channels. Prefer Argon2i or Argon2id</p></li>
<li><p>Avoid: SHA-3, SHA-2, SHA-1, MD5</p></li>
</ul></li>
<li><p>Browser Security (HTTPS):</p>
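Review bot: The new bcrypt/PBKDF2 item ends with a stray "f" after "(only as a last resort)" and spells "arent" without its apostrophe, and the Argon2d item uses "its" where "it's" is meant; all three should be fixed before this lands. The Argon2d caveat would also read better directly under "Prefer: Argon2, scrypt", since it qualifies that line rather than the bcrypt/PBKDF2 fallback, and the Prefer line could name Argon2id or Argon2i outright. Since the Hashes list earlier in the file recommends SHA-3, consider adding a short reason to "Avoid: SHA-3, SHA-2, SHA-1, MD5" here (they are fast general-purpose hashes, not password hashing functions) so the two lists do not appear to contradict each other.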
@@ -9237,11 +9239,11 @@ PDF-Redact Tools (L)
<h2 id="integrity-if-available">Integrity (if available):</h2>
<p>Usually, integrity checks<a href="#fn499" class="footnote-ref" id="fnref499" role="doc-noteref"><sup>499</sup></a> are done using hashes of files (usually stored within checksum files). Older files could use CRC<a href="#fn500" class="footnote-ref" id="fnref500" role="doc-noteref"><sup>500</sup></a>, more recently MD5<a href="#fn501" class="footnote-ref" id="fnref501" role="doc-noteref"><sup>501</sup></a> but those present several weaknesses (CRC, MD5<a href="#fn502" class="footnote-ref" id="fnref502" role="doc-noteref"><sup>502</sup></a>) that make them unreliable for file integrity checks (which does not mean they are not still widely used in other contexts).</p>
<p>This is because they do not prevent Collision<a href="#fn503" class="footnote-ref" id="fnref503" role="doc-noteref"><sup>503</sup></a> well enough and could allow an adversary to create a similar but malicious file that would still produce in the same CRC or MD5 hash despite having different content.</p>
<p>For this reason, it is usually recommended to use SHA-based<a href="#fn504" class="footnote-ref" id="fnref504" role="doc-noteref"><sup>504</sup></a> hashes and the most used is probably the SHA-2<a href="#fn505" class="footnote-ref" id="fnref505" role="doc-noteref"><sup>505</sup></a> based SHA256 for verifying file integrity. SHA is much more resistant to collisions<a href="#fn506" class="footnote-ref" id="fnref506" role="doc-noteref"><sup>506</sup></a> than CRC and MD5. And collisions with SHA256 or SHA512 are rare and hard to compute for an adversary.</p>
<p>If a SHA256 checksum is available from the source of the file, you should not hesitate to use it to confirm the integrity of the file.</p>
<p>For this reason, it is usually recommended to use SHA-based<a href="#fn504" class="footnote-ref" id="fnref504" role="doc-noteref"><sup>504</sup></a> hashes and the most used is probably the SHA-2<a href="#fn505" class="footnote-ref" id="fnref505" role="doc-noteref"><sup>505</sup></a> based SHA-256 for verifying file integrity. SHA is much more resistant to collisions<a href="#fn506" class="footnote-ref" id="fnref506" role="doc-noteref"><sup>506</sup></a> than CRC and MD5. And collisions with SHA-256 or SHA-512 are rare and hard to compute for an adversary.</p>
<p>If a SHA-256 checksum is available from the source of the file, you should not hesitate to use it to confirm the integrity of the file. <em>Note: SHA-1 </em></p>
<p>This checksum should itself be authenticated/trusted and should be available from an authenticated/trusted source (obviously you should not trust a file just because it has a checksum attached to it alone).</p>
<p>In the case of this guide, the SHA256 checksums are available for each file including the PDFs but are also authenticated using a GPG signature allowing you to verify the authenticity of the checksum. This will bring us to the next section about authenticity.</p>
<p>So how to check checksums? (In this case SHA256 but you could change to SHA512</p>
<p>In the case of this guide, the SHA-256 checksums are available for each file including the PDFs but are also authenticated using a GPG signature allowing you to verify the authenticity of the checksum. This will bring us to the next section about authenticity.</p>
<p>So how to check checksums? (In this case SHA-256 but you could change to SHA-512</p>
<ul>
<li><p>Windows<a href="#fn507" class="footnote-ref" id="fnref507" role="doc-noteref"><sup>507</sup></a>:</p>
<ul>
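Review bot: The rewritten SHA-256 checksum paragraph now ends in an unfinished note, "Note: SHA-1 " inside the em element, so the change introduces an incomplete sentence; either finish the note or drop it from this commit. The "So how to check checksums?" line still lacks its closing parenthesis after "SHA-512", which is worth fixing while the line is being touched. The unchanged context line "would still produce in the same CRC or MD5 hash" also has a stray "in" that could be cleaned up in the same pass.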