Hash section for downloads

[Deleted158994User]

Something occured to me when uploading a file the other day:

There is no elegant solution to provide hashes for your files apart from the download description box. When using that description box, you can't use very long hashes, because the value contains no spaces, hence the hash value won't be splitted up into multiple lines to fit inside the box.

A (in my opinion) good solution to this is how sourceforge has done it (example: phpmyadmin). There is a little button there on each file that opens a little window with textboxes that have the hash values in them (and some other download-stats). As a result you can use shortcuts like CTRL-A (very handy!) and CTRL-C inside these textboxes.

 

Furthermore it would be nice to implement a feature so that every uploaded file is hashed by the server automatically. This way the uploader wouldn't have to deal with this every time and you (as uploader) could check by yourself if the file has arrived at the server "unharmed" without having to re-download it and so on.

 

Should you choose to implement such feature, please don't use MD5 - it's not secure anymore and should be considered fairly useless (even SHA-1 isn't expected to be really secure anymore - attacks on it have been shown as early as 2005). SHA-2 and SHA-3 (which, unlike SHA-2, isn't based on SHA-1) are the way to go (512 Bits of 'hash' for the win :cool: ).

 

Edit: NMM, too, could employ this by verifying downloads via their hash values, thus enabling users to make use of hashes even if they don't know what it's all about.

Edited August 8, 2014 by Guest

[Thandal]

The malware attacks we've seen haven't been cases of one file "impersonating" another. The attackers were able to upload their payload files as if they were the legitimate member/author. Any hashes, had they been calculated and published, would have been correct. So not sure what value this would provide... :huh:

[Deleted158994User]

It's good practice, just as https is (or would be). History has shown clearly that in terms of internet security it's better to distrust anything by default. Employing hash checking in conjunction with https (if done right) provides at least some degree of trust.

 

Regarding this recent "attack(s)" you spoke of:

Right now anyone can see my password on login, all it takes is the ability to eavesdrop on my traffic (there are always people who, without having to conduct any kind of attack, could get access just by doing some clicks [e.g. any ISP in the packet's route to the nexus's servers] - not to mention the people who just perform attacks to get what they want). In that perspective it's not at all surprising that an event like we've seen has happened (of course, https is not the answer to every problem, but it's a step in the right direction). So, even if the suggested doesn't prevent this specific attack vector, it does prevent (or at least make much harder to execute) others.

Furthermore, if someone was to target a specific user by intercepting his connection with the nexus's servers, this would most probably not be detectable just like that (you and the user wouldn't know about it, because there's no indication until it's too late [provided the attacker has done his job properly]).

 

As we all know, there ain't such thing as "100% security", but that doesn't necessarily mean we shouldn't try to get at least some.

[Thandal]

Agree that certain security measures really do improve the security posture. Scanning all uploaded files for malware is one.

See also Dark0ne's Site News post on this very topic:

 

Two-Factor Auth

Our two-factor authentication system is relatively close to being completed as well but has been put on the backburner for the next week or two while we evaluate the CDN situation. This system will work in the same way as Steam and Facebook; if you login from an unrecognised location you will be sent a unique authentication code via email to verify it's actually you. You will be able to turn this system off in your preferences but we'd obviously recommend having it on for maximum security.

 

But hashes (using the latest SHA mechanism, or any other) would add very little additional security in our environment. Now if you were talking about people uploading fake versions of some of the mods found here onto other sites, that would be another story. But that doesn't really happen, and it would be up to those other sites to implement the safeguard anyway.

[Deleted158994User]

I'd be interested to know why exactly you just focus on this one sepcific attack vector. This "two-factor authentication" you are planning to implement could be circumvented by IP spoofing or a small malware that tunnels attackers traffic through the victims Computer/IP (some of today's malwares are capable of that).

That doesn't mean we shouldn't use that mechanism, but it shows that considering additional measures might be a good thing to do.

 

The use of a hashing mechanism doesn't deal with that particular problem you are refering to the whole time (at no point in this thread did I suggest that), but the bottom line for you is to dismiss a solution to another potential problem you aren't even considering.

 

In what way is "your environment" all that different from other file-hosting/distribution sites like sourceforge or git, other than that they are hosting sourcecode/applications and you are hosting game modifications? Your "two-factor authentication" doesn't at all prevent MITM attacks on a users connection to the nexus's servers (haven't got a clue why you seem to ignore that fact completely - just because something hasn't happend in the past [or you don't know about it] doesn't mean it's not going to happen in the future).

 

Actually - no, I don't really care any longer. Just forget I said anything, I'll not participate in this discussion any further.

[Thandal]

The way the environment here is different (from others that have a problem with forged/malicious files masquerading as legitimate ones) is that authors have to specifically upload their works to the Nexus. We don't re-host materials found elsewhere. And the content found here isn't redistributed all over the interwebz, with potentially malicious variants posted on multiple sites.

 

It is precisely that sort of thing that creating and posting hashes would help prevent. But still waiting to hear how implementing such a feature on the Nexus (as opposed to on other sites) would provide additional security for the Nexus members.

 

And the link about 2FA was simply to highlight that the Nexus actively pursues implementing security enhancements that would make a difference here.