search

pjrinaldi / wombatforensics

linux c++, fox-toolkit, multi-threaded forensic gui tool
GNU General Public License v2.0
47 stars 12 forks source link

Default Hashing to Blake 3 #387

Closed pjrinaldi closed 2 years ago

pjrinaldi commented 3 years ago

Need to switch default hashing to blake 3, it is faster than the md5 or sha256, and I should be able to implement it easily and maybe go with blake -l 16, rather than 32, which would be md5 length rather than sha256 length.

If i just go with blake3 only and implement my own hash comparison/matching tool, then i can implement it in v0.5 with a hashlist...

something to think about...

pjrinaldi commented 3 years ago

empty blake3 hash: af1349b9f5f9a1a6a0404dea36dcc9499bcb25c9adc112b7cc9a93cae41f3262

pjrinaldi commented 3 years ago

added libblake3.so library to /usr/local/lib/, added blake3.h and -lblake3 to project file. compiles, so just need to implement blake3 into dig deeper.

pjrinaldi commented 3 years ago

implemented blake3 for digging deeper. still need to add it to carved from hexviewer.

pjrinaldi commented 3 years ago

also need to add blake3 hashing to the imaging function which i can get from the blake3dd code.

pjrinaldi commented 3 years ago

need to add blake3 to verify() function while keeping md5 for e01 and aff

pjrinaldi commented 3 years ago

fixed blake3 verify for custom forensic image i made, which is raw with the image metadata as xml at the end of the raw data.

maybe call it a .bdd image or .wfi or some other type.

pjrinaldi commented 2 years ago

working on moving default hashing to blake3 and just foregoing md5, sha1, sha256, etc... I want to use blake3, and I doubt anyone will use this, so I might as well just do what I want. I still can verify md5 from an existing imported raw/ewf/aff image.

pjrinaldi commented 2 years ago

Upgrade dig deeper dialog to only be a checkbox which shows the hashing to blake3. don't need all the other options and radio buttons... comment out code for now and cleanup later.

pjrinaldi commented 2 years ago

dig deeper dialog is blake3 only. need to implement changes to code everywhere else now.

pjrinaldi commented 2 years ago

I have libcrypto and its md5 commented out, need to migrate to qcryptographichash for md5 verification for e01, aff, and raw

pjrinaldi commented 2 years ago

blake3 is default and only for digging now. need to switch verify to qcryptograhic hash.

pjrinaldi commented 2 years ago

switched verification to qcryptographichash and it appears to work. need to test with E01 and see how it does. but for large images, there is no indication of activity/progress. I need to implement that.

pjrinaldi commented 2 years ago

digging failed for all listed, but worked fro selected and checked with 4-ext3 image. need to investigate this issue.

pjrinaldi commented 2 years ago

resolved the issue with all listed, so working now.