-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Forbid non-cryptographic hashes within /ipfs namespace #4371
Comments
Giving this a bug label. ipfs.io frontpage says:
|
Also, it looks like there is a bug somewhere, probably in go-multihash. See go-multihash/multihash.go#L63 / #L140 vs multihash/hashtable.csv#L20 |
Yeah... we also have to check:
We may want to introduce a new type/constructor to enforce this. Personally, I'd rename the current Multihash type to |
On sha1 - multiformats/go-multihash#57 |
My idea of solving this issue, as well as issue of short hashes is: For each hash function define its # of security bits ratio. As an example, SHA1 has length of 160 bits, if it was perfect hash function it would have 80 bits of security for collision but SHA1 is partially broken, it currently is deemed to have 61 bits of security so its security bits ratio is Then every time we see hash for content addressing we evaluate how many bits of security it really have (formula would be Full round variant of SHA256 is yet to be successfully cryptoanalysed so its security bit factor would be 1 same as many other cryptographically sound hash functions. Murmur would be cut off for two reasons, low bit count and low security factor (0 ??), same with other hash functions that are currently obsolete. |
|
This is a bit urgent, so ideally a partial solution (like denying all hashes not in a short whitelist or with lengths < 256 bits) could be deployed in the next release.a |
That is why in my writeup I only mentioned increasing number of security bits. Decreasing bellow some set minimum (or default) would not be possible. |
Team, we need this. To make it simpler for now, go with:
Allowed hashes from https://github.com/multiformats/multihash/blob/master/hashtable.csv:
|
Do note that there already is such "old content" from a test I did back in 2016 ( 17 cases, specifically everything in the rows You can use this matrix both for validating "yep, we no longer resolve this link" and for a possible future "yes, we still can open it under |
Started a solution here: ipfs/go-cid#40 My approach will be to restrict the creation of invalid cids. This is a more surefire way restricting content than trying to police all the different places data can get into the system. |
I am not sure whether this has been fully fixed or not, but there is improvement: I now get a Kudos to the team! |
What is under this hash? |
It was solved by: #4751 |
On an unpatched go-ipfs:
From my email to
|
Looking over #4751 it seems there is no work related to the DHT. I still strongly recommend the following:
|
@mib-kd743naq my plan for ipfs/go-cid#40 is to forbid any creation of CID with the number of security bits lower than SHA1. I wonder why it times out. |
You can not really do this in an open p2p system: you can not control what shows up on the network. Case in point: I assembled all of the above without any of the go-ipfs libraries. All you can realistically do is harden various readers/repeaters. |
Yes, that what I meant. If we are not able to create an insecure CID on our node then we won't be able to propagate info about it. |
Here is my action plan to switching to Strict CIDs. At the same time we will add support for recognizing identity hashes and being able to use them without storing them in the datastore (see #4766 (comment))
Note I used @whyrusleeping @Kubuxu @Stebalien (and anyone else) sound good? |
@kevina sounds reasonable to me. |
Btw, for any readers of this issue, The discussion now is about a 'more correct' fix to the problem. Currently, we just prevent the use of these hashes via the blockstore in ipfs. This effectively solves the problem, but its not a clean solution. |
Update: This is DONE, we currently block non-cryptographic hash functions at blockstore level – see #4371 (comment)
It just occured to me that by supporting non-cryptographic hashes (such as murmur3) in multihash, these are also available for CIDs, and can thus be used within the /ipfs namespace (example: ipfs/ipfs-companion#305).
This is not good! /ipfs paths MUST be cryptographically verifiable, it's their primary property. A lack of cryptographic verifiability seriously breaks so many assumptions on so many levels.
This would probably be appropriate to enforce within the respective IPLD modules.
The text was updated successfully, but these errors were encountered: