http://filename.pro
#1
Posted 03 July 2012 - 03:52 PM
Would like to announce the opening of http://filename.pro as a website and service to help identify files based on their name or checksum hash (md5, sha1, sha256).
As a practical example using a program such as WinBuilder, we can query for info using this URL: http://filename.pro/WinBuilder.exe or shorten to any other known combination such as http://filename.pro/WinB and see the possible results such as this one: http://filename.pro/...13a0257a9d94bc1
The gathering of data is supported by volunteers that run on their desktop a client application. This application was designed to run across Windows, Linux and MacOSX.
This is a work in progress, suggestions, feedback and volunteers who wish to join this effort are welcome!
Have fun!
- pscEx and Uvais like this
#2
Posted 03 July 2012 - 05:33 PM
#3
Posted 03 July 2012 - 06:09 PM
Especially the md5 seems to be very helpful to query for 'Original' files.
Peter
#4
Posted 03 July 2012 - 06:20 PM
But how much safe is it to use MD5 & SHA-1 as hash algorithms after finding that they are not collision resistant?Would like to announce the opening of http://filename.pro as a website and service to help identify files based on their name or checksum hash (md5, sha1, sha256).
#5
Posted 04 July 2012 - 12:18 AM
#6
Posted 04 July 2012 - 08:43 AM
I am open to ideas. Can you provide more details? I am not yet understanding how filename.pro could help (I'm not a user of rapid/media fire)looks cool ..make it more powerful ie: for checking SHA1/MD5 of files Which;shosted on Rapidshare/Mediafire
I am using SHA1 as identifier for each file and the current risk of collision is 1 occurrence per each 2,251,799,813,685,248 files as noted on http://eprint.iacr.org/2008/469.pdfBut how much safe is it to use MD5 & SHA-1 as hash algorithms after finding that they are not collision resistant?
To play on the long term side, I am also indexing hashes for SHA256 that are currently listed as collision free: http://en.wikipedia.org/wiki/SHA-2
Not happy with SHA2 alone, I am already implementing ssdeep checksums (http://ssdeep.sourceforge.net/). This ssdeep algorithm is provided on virustotal analysis but there is no online service available to help compare it against similar files, this is something that filename.pro can offer.
However, ssdeep is reliable against intentional attacks as described on https://eldorado.tu-.../28934/1/08.pdf so I'm talking with Frank Breitinger to test a more robust fuzzy hashing algorithm
I will be changing the clients to provide the option of uploading (executable) files onto the server. This way it becomes simpler to compute more hashes. Right now, it takes a long time per file to compute the set of traditional hashes (md5, sha1, sha256) and this doesn't help much if we want to try out other hashing algorithms in the future.Perhaps an opportunity for nuno to utilize whirlpool?
I will provide this upload client as open source to provide transparency on this process.
#7
Posted 05 July 2012 - 04:48 AM
But the comment about files on sharing servers - surely that is not one of the intents of the project, right? Besides being ever-changing, it would be a nightmare to even consider after characterizing all the legit files. Am I way out there by assuming that shared files are not part of this?
Edited by Dubiaku, 05 July 2012 - 04:52 AM.
- Brito likes this
#8
Posted 05 July 2012 - 06:55 AM
It would be good to hear more details about this request and only then discuss feasibility....
But the comment about files on sharing servers - surely that is not one of the intents of the project, right? Besides being ever-changing, it would be a nightmare to even consider after characterizing all the legit files. Am I way out there by assuming that shared files are not part of this?
For the record, we have on database over 25 million SHA1 hashes and the performance is still great, takes less than a second to run a query and the server is not yet under stress.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users