Jump to content











Photo
- - - - -

http://filename.pro


  • Please log in to reply
7 replies to this topic

#1 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 03 July 2012 - 03:52 PM

Hello my friends,

Would like to announce the opening of http://filename.pro as a website and service to help identify files based on their name or checksum hash (md5, sha1, sha256).

As a practical example using a program such as WinBuilder, we can query for info using this URL: http://filename.pro/WinBuilder.exe or shorten to any other known combination such as http://filename.pro/WinB and see the possible results such as this one: http://filename.pro/...13a0257a9d94bc1

The gathering of data is supported by volunteers that run on their desktop a client application. This application was designed to run across Windows, Linux and MacOSX.

This is a work in progress, suggestions, feedback and volunteers who wish to join this effort are welcome!


Have fun!
:cheers:
  • pscEx and Uvais like this

#2 Uvais

Uvais

    Frequent Member

  • Advanced user
  • 180 posts

Posted 03 July 2012 - 05:33 PM

looks cool ..make it more powerful ie: for checking SHA1/MD5 of files Which;shosted on Rapidshare/Mediafire :dubbio:

#3 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 03 July 2012 - 06:09 PM

Great idea and solution!
Especially the md5 seems to be very helpful to query for 'Original' files.

Peter

#4 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 03 July 2012 - 06:20 PM

Would like to announce the opening of http://filename.pro as a website and service to help identify files based on their name or checksum hash (md5, sha1, sha256).

But how much safe is it to use MD5 & SHA-1 as hash algorithms after finding that they are not collision resistant?

#5 homes32

homes32

    Gold Member

  • .script developer
  • 1021 posts
  • Location:Minnesota
  •  
    United States

Posted 04 July 2012 - 12:18 AM

Perhaps an opportunity for nuno to utilize whirlpool?

#6 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 04 July 2012 - 08:43 AM

looks cool ..make it more powerful ie: for checking SHA1/MD5 of files Which;shosted on Rapidshare/Mediafire :dubbio:

I am open to ideas. Can you provide more details? I am not yet understanding how filename.pro could help (I'm not a user of rapid/media fire) :)


But how much safe is it to use MD5 & SHA-1 as hash algorithms after finding that they are not collision resistant?

I am using SHA1 as identifier for each file and the current risk of collision is 1 occurrence per each 2,251,799,813,685,248 files as noted on http://eprint.iacr.org/2008/469.pdf

To play on the long term side, I am also indexing hashes for SHA256 that are currently listed as collision free: http://en.wikipedia.org/wiki/SHA-2

Not happy with SHA2 alone, I am already implementing ssdeep checksums (http://ssdeep.sourceforge.net/). This ssdeep algorithm is provided on virustotal analysis but there is no online service available to help compare it against similar files, this is something that filename.pro can offer.

However, ssdeep is reliable against intentional attacks as described on https://eldorado.tu-.../28934/1/08.pdf so I'm talking with Frank Breitinger to test a more robust fuzzy hashing algorithm



Perhaps an opportunity for nuno to utilize whirlpool?

I will be changing the clients to provide the option of uploading (executable) files onto the server. This way it becomes simpler to compute more hashes. Right now, it takes a long time per file to compute the set of traditional hashes (md5, sha1, sha256) and this doesn't help much if we want to try out other hashing algorithms in the future.

I will provide this upload client as open source to provide transparency on this process.

:cheers:

#7 Dubiaku

Dubiaku
  • Members
  • 2 posts
  • Location:Vermont
  •  
    United States

Posted 05 July 2012 - 04:48 AM

Collisions are a non-issue. Actually designing a true collision is a far different project than the fact of the theoretical existence of one. And then designing a collision to carry out some evil purpose in a workable way is then again several orders of magnitude more difficult than that. It is not worth the time to think about it. I certainly won't be losing any sleep.

But the comment about files on sharing servers - surely that is not one of the intents of the project, right? Besides being ever-changing, it would be a nightmare to even consider after characterizing all the legit files. Am I way out there by assuming that shared files are not part of this?

Edited by Dubiaku, 05 July 2012 - 04:52 AM.

  • Nuno Brito likes this

#8 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 05 July 2012 - 06:55 AM

...
But the comment about files on sharing servers - surely that is not one of the intents of the project, right? Besides being ever-changing, it would be a nightmare to even consider after characterizing all the legit files. Am I way out there by assuming that shared files are not part of this?

It would be good to hear more details about this request and only then discuss feasibility.

For the record, we have on database over 25 million SHA1 hashes and the performance is still great, takes less than a second to run a query and the server is not yet under stress.

:cheers:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users