Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel2
outlinefalse
typelist
printablefalse

Swarm provides methods for allowing applications to obtain and validate integrity guarantees on the stored data. Integrity is an independently verifiable guarantee the data returned for a given name or UUID is exactly the same data stored using that name or UUID, perhaps many months or years in the past. This is performed by hashing the data using a cryptographic hash algorithm.

Content metadata is not included in the hash. If the application stores the name or UUID and the associated hash value, these can be used later to verify the content has not changed, either through accidental or malicious means.

Integrity

...

Seals

An integral seal is a URL containing the object name or UUID, the hash value, and the type of hash algorithm used for the computations.

...

An application can request an integrity seal when it performs a WRITE by including a hashtype query string.

Example of a

...

Hashtype Request
Code Block
languagexml
POST http://company.cluster.com/?hashtype=md5 HTTP/1.1

...

Swarm replies with a 201 (Created) response that includes a location header with a URL that can later be used to retrieve the data after creating the object and assigning a name or UUID.
In addition to the host and name or UUID, the URL includes the hash type and value computed from the content object. This URL, including the triple name or UUID, hash type, and hash, is known as the content object integrity seal.

...

Code Block
languagexml
Location: http://129.69.251.143/41A140B5271DC8D22FF8D027176A0821
	?hashtype=md5
	&hash=7A25E6067904EAC8002498CF1AE33023

Validating

...

Reads

An integrity seal can be used in a subsequent READ request to validate the data stored in a storage cluster (any cluster). By supplying the URL returned in the Location header from the WRITE request (perhaps replacing the host address if connected to a different cluster or node), the application can ask Swarm to validate while reading the data.

...

Info

Important

Range headers are not compatible with integrity seals. The connection may be closed prematurely if the seal is incorrect.

Application

...

Initiated Hash Upgrading

Occasionally, cryptographers and mathematicians may defeat a cryptographic algorithm, making it possible for hackers to generate different content that has exactly the same hash value as previously-stored content. This issue occurred with the md5 and sha1 algorithms, but not the sha256, sha384, or sha512 algorithms.

Unlike other fixed content storage solutions, Swarm allows a user or application to upgrade a hash algorithm for an existing individual integrity seal. This is done performed by issuing a READ request with the name or UUID, the current hash type and hash, and then specifying a different, presumably stronger, hash type in the newhashtype query parameter.

Info

Important

Upgrade the hash promptly , before any exploit of the old algorithm becomes well known and available.

...