Off Topic
Report problems with the forum itself, or any thing else not specific to Tixati
<<  Back To Forum

What hash will be used for NEW P2P Network?

by achilles on 2015/08/16 03:32:40 AM    
Does anyone know what hash will be used for the new P2P network that is being developed by the developer of Tixati? I hope the developer uses SHA1 or above to avoid some of the problems experienced by other P2P networks in the past. Maybe SHA1 will be a good choice since torrents already use SHA1, and that could be beneficial later on. I would not use anything weaker than SHA1.
by KH on 2015/08/19 11:07:46 PM    
SHA2-256 is already used for channels.

SHA3 (at various truncations) is now going into all new designs (DHT/Xfers/Channels/etc)

SHA1 is used by "standard" torrents and currently is not in danger of 2nd pre-image attacks, but that may not last for long.  But then again, torrents themselves will be made obsolete soon ;)
by achilles on 2015/08/20 05:38:31 AM    
I think the hashing that is going to be used will be secure enough for quite some time. Especially SHA256. It is being used by several security developers I assist with quality control, and design. I was a die hard WinMx user until the network was made unusable by a vulnerability in the underlying protocol. I mostly use emule right now with it's eD2k, and KAD network. I like it, but it has it's own security flaws. The little info that has been released so far about the new P2P Network in development sounds great so far. I have many friends that use to use WinMx, and are still looking for a replacement. I already notified them about the new network in development, and some of them were really exited to hear the news. Keep up the good work!
by John on 2015/08/20 05:48:34 AM    
Actually torrents still use the ancient MD5 32-digit hexadecimal numbers. Just look at any torrent hash code.

I'm more concerned about what encryption is used in torrenting. The cipher hould be at least a full AES implementation with 256-bit keys or something better.
by Guest on 2015/08/20 09:24:54 AM    
John, MD5 has never been used for torrent info-hash or piece hash.  If it had, you would be seeing poisoned data passing the hash-check all the time since MD5 is fully broken.  You should read the spec:

Info Dictionary

This section contains the field which are common to both mode, "single file" and "multiple file".

   piece length: number of bytes in each piece (integer)
   pieces: string consisting of the concatenation of all 20-byte SHA1 hash values, one per piece (byte string, i.e. not urlencoded)


KH is the main Tixati dev, I'm sure he knows what he's talking about.

Also, the standard torrent connection encryption is RC4 with 160-bit keys, which are negotiated by Diffie-Helmann technique.  This is way more than adequate.  The weakest link in the chain is the SHA1 torrents use for the piece and info-hash, and that is not even close to a problem right now.
by Guest on 2015/08/20 09:34:42 AM    
Also, John, torrent info-hashes (eg. magnet links) are exactly 20 bytes long (the output of SHA1 is always 20 bytes).

So when encoded into base-16 (ie. hexadecimal)  20 bytes becomes 40 characters, each in the range 0-9,A-F.

When encoded into base-32, 20 bytes becomes 32 characters, each in the range a-z,2-7.

Magnet links use either encoding, but the actual hash being represented is always a 20-byte SHA1 of the info section of the .torrent dictionary.
by Bugmagnet on 2015/08/20 04:04:49 PM    
"torrents themselves will be made obsolete soon"

by John on 2015/08/20 05:26:17 PM    
Ok Guest, the error is mine. SHA1 is used for torrent hashing.

But it would be really nice to have AES-256 encryption implemented, at least between Tixati clients or on a modified "secure" Tixati version.

There are some networks like I2P and Freenet with their own clients, and Darknet (a blanket name) with clients like RetroShare (hosted on SourceForge, no longer safe) and PerfectDark.

The "drawback" of these networks is that they use client-to-client tunneling, with each client serving as a form of proxy for the others, so even if you're not spied on the outside, you may be spied by your peers.
by achilles on 2015/08/21 04:34:06 AM    
I'm sure we would all like to see the strongest encryption, and hash algorithm used possible. Strong encryption, and hashing can be more taxing on one's machine though. The performance impact always has to be taken into account. If the client is too heavy on resources then fewer people will use it, or those that do use it will not leave the client running for long periods of time. If the client is light on resources then users can leave the client running for weeks at a time without needing to reboot. That will insure a strong network, and better availability of content on the network. If the encryption, or hashing is too weak of course that could lead to attacks on the network leading to a bad user experience. It's all about finding the right balance in security, and usability.

This web site is powered by Super Simple Server