UUHash

Uuhash is a hash algorithm of the clients Fast Track - network is used. Checksums for very large files can be generated in a short time , even on low-performance computers. However, the checksum is only formed for some parts of the file. This weakness makes it easier to find hash collisions , and any corruption or corruption of the rest of the file goes unnoticed, since the checksum is not affected.

UUHash is used by Kazaa , for example , and the RIAA exploits this vulnerability to distribute corrupted or broken files on the network.

algorithm

UUHash creates an MD5 checksum for the first 300 kB of the file, then every 2 ^ n MB (n = 0 and is increased by 1 until the end of the file is reached) for the next 300 kB blocks. UUHash uses its own Smallhash function for this. At the end, the checksum is calculated for the last 300 KB of the file. If the last 300 kB overlaps with the last 2 ^ n block, this will be discarded beforehand.

Example:

Distance 1 MB , 300 kB checksum

Distance 2 MB , 300 kB checksum

Distance 4 MB , 300 kB checksum

Distance 8 MB , 300 kB checksum

...

last 300 kB of the checksum file

The 128- bit MD5 checksum and the 32-bit small hash together then result in the 160-bit checksum for identifying the file in the FastTrack network. The checksum obtained in this way is now encoded with Base64 and results in the UUHash.

Sig2Dat

The name UUHash is actually an unfortunate choice. This originally comes from the sig2dat ( Memento from January 22, 2008 in the Internet Archive ) tool. This creates reference files for Kazaa from URIs . The URIs (the format does not correspond to the RFC standard.) Look like this with sig2dat:

sig2dat://|File: surprise.mp3|Length:5845871Bytes|UUHash:=1LDYkHDl65OprVz37xN1VSo9b00=