For those devs interested in #blossom or the ones who have written other server implementations: I have a PR out that I'd like to get some thoughts on.

https://github.com/hzrd149/blossom/pull/12

It changes the requirements for the upload authorization

Previously the upload auth required a "size" tag matching the exact size of the blob

This would change it to require an "x" tag with a matching sha256 hash

I initially wrote the spec to require a "size" tag because I thought it would be difficult for web apps to hash the file before uploading it

Turns out it's not difficult at all https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest#basic_example

And I'd like to correct this issue before any more clients implement blossom

nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft nostr:npub1wf4pufsucer5va8g9p0rj5dnhvfeh6d8w0g6eayaep5dhps6rsgs43dgh9 nostr:npub1v0lxxxxutpvrelsksy8cdhgfux9l6a42hsj2qzquu2zk7vc9qnkszrqj49 nostr:npub1lunaq893u4hmtpvqxpk8hfmtkqmm7ggutdtnc4hyuux2skr4ttcqr827lj

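The change described in the post above, as an added example that is not part of the original post, the PR or any Blossom server's code: the client hashes the blob with `SubtleCrypto.digest` and declares it in an "x" tag, and the server re-hashes the bytes it received and requires a match, which a "size" tag cannot do for two different blobs of the same length. The function names and sample blobs are assumptions, and verifying the event signature is assumed to happen elsewhere.

```javascript
// Added example, not the Blossom project's code. Web Crypto is a global in
// browsers and recent Node; older Node exposes it through node:crypto.
const subtle = globalThis.crypto?.subtle ??
  (typeof require === "function" ? require("node:crypto").webcrypto.subtle : undefined);

// Hex-encode an ArrayBuffer as lowercase hex.
function toHex(buffer) {
  return Array.from(new Uint8Array(buffer), (b) => b.toString(16).padStart(2, "0")).join("");
}

// SHA-256 of a blob's bytes as lowercase hex.
async function sha256Hex(bytes) {
  return toHex(await subtle.digest("SHA-256", bytes));
}

// Collect the well-formed "x" tag values from a Nostr-style tags array.
function declaredHashes(authEvent) {
  return (authEvent.tags ?? [])
    .filter((t) => Array.isArray(t) && t[0] === "x" && /^[0-9a-f]{64}$/.test(t[1] ?? ""))
    .map((t) => t[1]);
}

// Client side: hash the file first, then declare the hash in the authorization tags.
// Assumption: signing the event and adding any other required tags happens elsewhere.
async function buildUploadTags(bytes) {
  return [["x", await sha256Hex(bytes)]];
}

// Server side: hash what actually arrived and require a matching "x" tag.
// Assumption: the caller has already verified the event signature.
async function checkUploadAuth(authEvent, receivedBytes) {
  const declared = declaredHashes(authEvent);
  if (declared.length === 0) return { ok: false, reason: "missing x tag" };
  const actual = await sha256Hex(receivedBytes);
  return declared.includes(actual)
    ? { ok: true, sha256: actual }
    : { ok: false, reason: "hash mismatch" };
}

// Constructed sample input: two blobs with the same size but different content.
const sampleBlob = new TextEncoder().encode("hello blossom");
const sameSizeBlob = new TextEncoder().encode("hello blossoM");
```

An authorization built for `sampleBlob` is rejected for `sameSizeBlob` with "hash mismatch", although a size-only check would accept both.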

Discussion

Did you test hashing a video, say 50 or 100MB on a phone? Wonder what that looks like

tested on Pixel 4a with ~250MB file and took 1800ms https://codepen.io/hzrd149/full/wvbMqPz

hashing really isn't that expensive an operation on modern hardware

Depends on the hash. SHA256 is fast.

I use an AVX2 SIMD version in my code also... I've tested it and it's more than 10x as fast as a standard CPU version

blake2 and blake3 are both very fast as well but my point still stands, it's not an expensive operation and is really an essential operation now, and it's something that JavaScript execution environments should provide, all of these hash functions, they are the current secure hashes, md5, SHA1, toast.

That's not bad!

This comes in very handy for something I need to build, too. Ideally with a blossom server but for me the point of hashing is to check if the file already exists on the server prior to the upload.

stemstr does this with audio and it works fine

hashing a large media video or image file is NOT practical - does not matter at which stage it is done

mistake, wrong word - encrypting it is not practical, but just an integrity check of the file is ok

in the mix