http://filename.pro

Hello my friends,

Would like to announce the opening of http://filename.pro as a website and service to help identify files based on their name or checksum hash (md5, sha1, sha256).

As a practical example using a program such as WinBuilder, we can query for info using this URL: http://filename.pro/WinBuilder.exe or shorten to any other known combination such as http://filename.pro/WinB and see the possible results such as this one: http://filename.pro/...13a0257a9d94bc1

The gathering of data is supported by volunteers that run on their desktop a client application. This application was designed to run across Windows, Linux and MacOSX.

This is a work in progress, suggestions, feedback and volunteers who wish to join this effort are welcome!


Have fun!

looks cool ..make it more powerful ie: for checking SHA1/MD5 of files Which;shosted on Rapidshare/Mediafire

Great idea and solution!
Especially the md5 seems to be very helpful to query for 'Original' files.

Peter

Would like to announce the opening of http://filename.pro as a website and service to help identify files based on their name or checksum hash (md5, sha1, sha256).

But how much safe is it to use MD5 & SHA-1 as hash algorithms after finding that they are not collision resistant?

Perhaps an opportunity for nuno to utilize whirlpool?

looks cool ..make it more powerful ie: for checking SHA1/MD5 of files Which;shosted on Rapidshare/Mediafire

I am open to ideas. Can you provide more details? I am not yet understanding how filename.pro could help (I'm not a user of rapid/media fire)

But how much safe is it to use MD5 & SHA-1 as hash algorithms after finding that they are not collision resistant?

I am using SHA1 as identifier for each file and the current risk of collision is 1 occurrence per each 2,251,799,813,685,248 files as noted on http://eprint.iacr.org/2008/469.pdf

To play on the long term side, I am also indexing hashes for SHA256 that are currently listed as collision free: http://en.wikipedia.org/wiki/SHA-2

Not happy with SHA2 alone, I am already implementing ssdeep checksums (http://ssdeep.sourceforge.net/). This ssdeep algorithm is provided on virustotal analysis but there is no online service available to help compare it against similar files, this is something that filename.pro can offer.

However, ssdeep is reliable against intentional attacks as described on https://eldorado.tu-.../28934/1/08.pdf so I'm talking with Frank Breitinger to test a more robust fuzzy hashing algorithm

Perhaps an opportunity for nuno to utilize whirlpool?

I will be changing the clients to provide the option of uploading (executable) files onto the server. This way it becomes simpler to compute more hashes. Right now, it takes a long time per file to compute the set of traditional hashes (md5, sha1, sha256) and this doesn't help much if we want to try out other hashing algorithms in the future.

I will provide this upload client as open source to provide transparency on this process.

Collisions are a non-issue. Actually designing a true collision is a far different project than the fact of the theoretical existence of one. And then designing a collision to carry out some evil purpose in a workable way is then again several orders of magnitude more difficult than that. It is not worth the time to think about it. I certainly won't be losing any sleep.

But the comment about files on sharing servers - surely that is not one of the intents of the project, right? Besides being ever-changing, it would be a nightmare to even consider after characterizing all the legit files. Am I way out there by assuming that shared files are not part of this?

Edited by Dubiaku, 05 July 2012 - 04:52 AM.

...
But the comment about files on sharing servers - surely that is not one of the intents of the project, right? Besides being ever-changing, it would be a nightmare to even consider after characterizing all the legit files. Am I way out there by assuming that shared files are not part of this?

It would be good to hear more details about this request and only then discuss feasibility.

For the record, we have on database over 25 million SHA1 hashes and the performance is still great, takes less than a second to run a query and the server is not yet under stress.