How to dynamically generate the hash value of a file while it gets downloaded from any website?Cryptographic Security of Dynamically Generated, Non-Random SaltsProperties for cryptographic hash functions (preimage, second preimage and collision resistant)Is a file hash checking system 100% secure and non-bypassable/fakable?Search on hashed dataHow SplashData knows about Worst Passwords used by users annuallyVerify CDN javascript's integrityIs it insecure to hash multiples times?Is This DIY Password Authentication Scheme Acceptable?Salted password + hash - is it really useful?If hash values are same, they lessen security. Why?

What should I do about a religious player who refuses to accept the existence of multiple gods in D&D?

Select row of data if next row contains zero

Why is there a need to modify system call tables in Linux?

Looking for an old image of designing a cpu with plan laid out / being edited on a literal floor

Estimate related to the Möbius function

How does increase in volume change the speed of reaction in production of NO2?

Is having a hidden directory under /etc safe?

Cryptography and patents

Why don't I have ground wiring on any of my outlets?

TV show or movie: Diseased people are exiled to a spaceship

Looking after a wayward brother in mother's will

Why does the UK have more political parties than the US?

Could a guilty Boris Johnson be used to cancel Brexit?

Is the capacitor drawn or wired wrongly?

How to decline physical affection from a child whose parents are pressuring them?

What is the most important characteristic of New Weird as a genre?

How can I grammatically understand "Wir über uns"?

How should I push back against my job assigning "homework"?

Why does my electric oven present the option of 40A and 50A breakers?

If a problem only occurs randomly once in every N times on average, how many tests do I have to perform to be certain that it's now fixed?

Are grass strips more dangerous than tarmac?

What is a simple, physical situation where complex numbers emerge naturally?

What does the behaviour of water on the skin of an aircraft in flight tell us?

Recording the inputs of a command and producing a list of them later on



How to dynamically generate the hash value of a file while it gets downloaded from any website?


Cryptographic Security of Dynamically Generated, Non-Random SaltsProperties for cryptographic hash functions (preimage, second preimage and collision resistant)Is a file hash checking system 100% secure and non-bypassable/fakable?Search on hashed dataHow SplashData knows about Worst Passwords used by users annuallyVerify CDN javascript's integrityIs it insecure to hash multiples times?Is This DIY Password Authentication Scheme Acceptable?Salted password + hash - is it really useful?If hash values are same, they lessen security. Why?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








2















I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.



I hope you understood my problem statement and I request you to help me in solving it.






hash







share|improve this question
























  • Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

    – Johnny
    Apr 14 at 10:11






  • 15





    You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

    – vidarlo
    Apr 14 at 10:48






  • 3





    The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

    – gowenfawr
    Apr 14 at 14:07

















2















I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.



I hope you understood my problem statement and I request you to help me in solving it.






hash







share|improve this question
























  • Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

    – Johnny
    Apr 14 at 10:11






  • 15





    You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

    – vidarlo
    Apr 14 at 10:48






  • 3





    The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

    – gowenfawr
    Apr 14 at 14:07













2












2








2








I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.



I hope you understood my problem statement and I request you to help me in solving it.






hash







share|improve this question
















I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.



I hope you understood my problem statement and I request you to help me in solving it.






hash




hash






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Apr 14 at 17:23







Snehitha Gaddam

















asked Apr 14 at 10:05









Snehitha GaddamSnehitha Gaddam

112




112












  • Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

    – Johnny
    Apr 14 at 10:11






  • 15





    You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

    – vidarlo
    Apr 14 at 10:48






  • 3





    The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

    – gowenfawr
    Apr 14 at 14:07

















  • Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

    – Johnny
    Apr 14 at 10:11






  • 15





    You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

    – vidarlo
    Apr 14 at 10:48






  • 3





    The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

    – gowenfawr
    Apr 14 at 14:07
















Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

– Johnny
Apr 14 at 10:11





Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

– Johnny
Apr 14 at 10:11




15




15





You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

– vidarlo
Apr 14 at 10:48





You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

– vidarlo
Apr 14 at 10:48




3




3





The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

– gowenfawr
Apr 14 at 14:07





The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

– gowenfawr
Apr 14 at 14:07










1 Answer
1






active

oldest

votes


















9














Agreed with vidarlo, this is impossible.



Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!



What is possible is a script that hashes each file in your downloads directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.



It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.






share|improve this answer























  • Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

    – Snehitha Gaddam
    Apr 14 at 16:56






  • 2





    Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

    – vidarlo
    Apr 14 at 17:34












  • I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

    – Snehitha Gaddam
    Apr 15 at 7:18











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207378%2fhow-to-dynamically-generate-the-hash-value-of-a-file-while-it-gets-downloaded-fr%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









9














Agreed with vidarlo, this is impossible.



Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!



What is possible is a script that hashes each file in your downloads directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.



It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.






share|improve this answer























  • Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

    – Snehitha Gaddam
    Apr 14 at 16:56






  • 2





    Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

    – vidarlo
    Apr 14 at 17:34












  • I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

    – Snehitha Gaddam
    Apr 15 at 7:18















9














Agreed with vidarlo, this is impossible.



Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!



What is possible is a script that hashes each file in your downloads directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.



It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.






share|improve this answer























  • Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

    – Snehitha Gaddam
    Apr 14 at 16:56






  • 2





    Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

    – vidarlo
    Apr 14 at 17:34












  • I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

    – Snehitha Gaddam
    Apr 15 at 7:18













9












9








9







Agreed with vidarlo, this is impossible.



Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!



What is possible is a script that hashes each file in your downloads directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.



It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.






share|improve this answer













Agreed with vidarlo, this is impossible.



Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!



What is possible is a script that hashes each file in your downloads directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.



It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.







share|improve this answer












share|improve this answer



share|improve this answer










answered Apr 14 at 12:01









keithRozariokeithRozario

1,149213




1,149213












  • Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

    – Snehitha Gaddam
    Apr 14 at 16:56






  • 2





    Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

    – vidarlo
    Apr 14 at 17:34












  • I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

    – Snehitha Gaddam
    Apr 15 at 7:18

















  • Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

    – Snehitha Gaddam
    Apr 14 at 16:56






  • 2





    Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

    – vidarlo
    Apr 14 at 17:34












  • I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

    – Snehitha Gaddam
    Apr 15 at 7:18
















Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

– Snehitha Gaddam
Apr 14 at 16:56





Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

– Snehitha Gaddam
Apr 14 at 16:56




2




2





Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

– vidarlo
Apr 14 at 17:34






Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

– vidarlo
Apr 14 at 17:34














I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

– Snehitha Gaddam
Apr 15 at 7:18





I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

– Snehitha Gaddam
Apr 15 at 7:18

















draft saved

draft discarded
















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207378%2fhow-to-dynamically-generate-the-hash-value-of-a-file-while-it-gets-downloaded-fr%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Tamil (spriik) Luke uk diar | Nawigatjuun

Image
Fering ArtiikelDrawiidisk Spriiken SölringÖömrangFeringHalunderHalifreeskMooringWiringhiirderKarhiirderGooshiirderDrawiidisk SpriikTamil NaduIndienSri Lanka (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u003Eu003Cdiv class="mw-dismissable-notice-close"u003E[u003Ca tabindex="0" role="button"u003EFersteegu003C/au003E]u003C/divu003Eu003Cdiv class="mw-dismissable-notice-body"u003Eu003Cdiv id="localNotice" lang="frr" dir="ltr"u003Eu003Cdiv id="sitenotice"u003Enu003Ccenteru003Enu003Ctable class="rahmenfarbe4" style="border-style: solid; border-width: thin; width: 70%;"u003Ennu003Ctbodyu003Eu003Ctru003Enu003Ctd style="text-align:center;"u003Eu003Ca href="/wiki/Datei:Nordfriesischeflagge.svg" class="image"u003Eu003Cimg alt="Nordfriesische
Read more

Align equal signs while including text over equalitiesAMS align: left aligned text/math plus multicolumn alignmentMultiple alignmentsAligning equations in multiple placesNumbering and aligning an equation with multiple columnsHow to align one equation with another multline equationUsing \ in environments inside the begintabularxNumber equations and preserving alignment of equal signsHow can I align equations to the left and to the right?Double equation alignment problem within align enviromentAligned within align: Why are they right-aligned?

Image
Why didn't the Universal Translator speak whale? What is /dev/null and why can't I use hx on it? The work of mathematicians outside their professional environment Does the DOJ's declining to investigate the Trump-Zelensky call ruin the basis for impeachment? Are there any tricks to pushing a grand piano? Maintaining distance Does it require less energy to reach the Sun from Pluto's orbit than from Earth's orbit? Object Oriented Design: Where to place behavior that pertains to more than one type of object? Choice of solvent during thin layer chromatography How to catch creatures that can predict the next few minutes? Use floats or doubles when writing mobile games How come the Russian cognate for the Czech word "čerstvý" (fresh) means entirely the opposite thing (stale)? What are the limits on an impeached and not convicted president? How to calculate Limit of this sequence Bash-script as linux-service won't run, but executed
Read more

Where does the image of a data connector as a sharp metal spike originate from?Where does the concept of infected people turning into zombies only after death originate from?Where does the motif of a reanimated human head originate?Where did the notion that Dragons could speak originate?Where does the archetypal image of the 'Grey' alien come from?Where did the suffix '-Man' originate?Where does the notion of being injured or killed by an illusion originate?Where did the term “sophont” originate?Where does the trope of magic spells being driven by advanced technology originate from?Where did the term “the living impaired” originate?

Image
Automatically extend a Python list to N elements if it's too short? Fired for a policy I didnt know about, as well as another false reason Why isn't tilde recognised as home folder in this case? When does an Artillerist's Cannon have disadvantage? How large should a hole be for a bolt to go through? When is TeX better than LaTeX? How to determine if drill is suitable for concrete? Huygens Lander: Why The Short Battery Life? Why do people use bigger cassettes for lower gearing when they could instead use smaller chainrings? Is there a difference between downloading / installing a list of packages and downloading each packge by its own? Question about exercise 21.10 in The TeXbook How to publish a page using tridion core service client in sdl web 8.5 Can one get into trouble if one doesn't show up at the gate 30 minutes before departure (or whatever time window the boarding pass is indicating)? Does an action-reaction pair always contain the same
Read more