SHA-1

[Cassiel]

Right, now the release is out the way what's the consensus on making the inclusion of SHA-1 hashes on all new DATs "official"?

We had discussed previously, but I don't recall a final resolution (since the release was looming). As Diaboł has already noticed, we already have a mix of DATs with SHA-1 included (as well as CRC32 and MD5 of course) in both main and ISO, as well as nearly all in PIX.

Having hashes for CRC32, MD5 and SHA-1 in each DAT just gives a bit more flexibility, albeit with a small size increase.

So.... make it an official rule for all new/updated DATs moving forward?

[Aral]

Yeah Cassiel we made the decision just after the 2010-01 release of PIX to include SHA-1 hashes and it has been a good move IMO.  We found that we had a couple of PDF's with the same CRC but different SHA-1's.

I support the decision to use it in the main branch.

[PandMonium]

As Aral said, due to the crc32 hash length, different files are much more prone to collisions. This problem was in part already solved by using MD5, SHA1 is just an improvement on that.

I already said i agree with the addition of SHA1, other projects already made the change (from md5 to sha1) long ago. My only question is if there is a need to keep both (md5, sha1), given their nature.

Maybe we should keep both, based on the goal of our project and thinking that they can be useful for anyone (how?), although it will make dats a bit bigger.

So, include sha1 in your dats, at least until we decide to change it again one day and deprecate both to use SHA-512 or Whirlpool

[Aral]

great news

[Symmo]

I would keep md5 seeing that some p2p use them .
So u could still scan for a md5 on such networks etc..

[Cassiel]

Symmo,

MD5 won't be removed. The idea is to include CRC32, MD5 and SHA-1, and let the end user decide what hash they want to use.

Choice/flexibility = good  

[Symmo]

Hi cassiel
was just responding to My only question is if there is a need to keep both (md5, sha1), given their nature.
Then again maybe i read it wrong .

[Cassiel]

Oh, I see.... 

[PandMonium]

You didn't! It was really a question to discover what others think about it and if there is a clear advantage or disadvantage in doing so.

[TKaos]

Well which DAT tool I can use to create SHA-1+MD5 DATs?
TIM don't have this option and I dislike creating DATs with clrmame cause it takes ages.

[PandMonium]

Maybe you can use Dat Workshop or some tool like that...
If not i guess we can finally have a really small app to create dats, specific to TOSEC that would even be a bit easier to use...

[Cassiel]

I did! Just meant I now realise he responding to your question....    

[Cassiel]

TKaos - DatUtil can create DATs too (I think). Why you think CMP slow though? That's certainly not been my experience (especially compared to dinosaur TIM!). Maybe an overly aggressive AV app is causing the slowdown? Just an idea....

PandMonium - I love the idea of a TOSEC branded DAT creation tool though..... go on, you know it makes sense! Why waste your time at Uni doing actual work towards your qualifications when you can spend it on something important such as this....  

[Aral]

LOL