|
Nothing much. Just wanted to thank you for sharing. Though, personally, I made quite a few modifications to your class when I used it to be more 'in line' with C++, mostly, redefining your constants as 'const int' or whatever, redefining your macros as private, inline methods (to take advantage of type-checking, but no performance hit since inline), and adding 'const' to parameters & pointers wherever appropriate (to enforce 'const'-ness). Otherwise, good job.
|
|
|
|
|
thanks for previous responses, those really helped.
when I use ordinary character, like 'a', I get the same result both form command line and from a file. However, if I use a special character, such as
'╠', by copying and pasting it from the character map, I don't get the same result when I provide the input from the command line and from a file, please advise, thx
|
|
|
|
|
That depends on the character encoding and "code page" of your console.
See this page for more information on character encoding and code pages:
http://www.cs.tut.fi/~jkorpela/chars.html[^]
Hope that helps
Dominik
_outp(0x64, 0xAD);
and
__asm mov al, 0xAD __asm out 0x64, al
do the same... but what do they do??
(doesn't work on NT)
|
|
|
|
|
Please correct me if I am wrong, as I don't have good programming skills, my understanding is that the implementation would take the ascii character data as the input and the resulting hash output would be hex. So if the input data is in the form of a stream of bits, we would need to convert it into the stream of characters first and then call the hash function(s) on that? Also, let us say if I have a string 11001001, what character data would it convert to, to become the valid input for the hash function(s)?
Rashad
|
|
|
|
|
Rashad wrote:
my understanding is that the implementation would take the ascii character data as the input
That's correct.
Rashad wrote:
the resulting hash output would be hex
The class supports hex (ReportHash using the REPORT_HEX flag), decimal (ReportHash using REPORT_DIGIT ) and 'raw byte' output (GetHash function). But you could easily convert the output to any base you want.
Rashad wrote:
So if the input data is in the form of a stream of bits, we would need to convert it into the stream of characters first and then call the hash function(s) on that?
Right.
Rashad wrote:
Also, let us say if I have a string 11001001, what character data would it convert to, to become the valid input for the hash function(s)?
base2(11001001) = 11001001
base10(11001001) = 201
base16(11001001) = C9
Therefor both of the following inputs are the same and valid:
unsigned char uc = 201;
unsigned char uc = 0xC9; If you have a string containing the bits, let's say like this: char *pszBits = "11001001"; you could use a conversion routine like this:
char *pszBits = "11001001";
char *p = pszBits;
unsigned char ucByte = 0;
int i;
for(i = 0; i < 8; i++)
{
ucByte |= (*p - '0');
ucByte <<= 1;
p++;
} This converts the bit string to its corresponding byte (ucByte). This byte can be passed to the Update function of the CSHA1 class.
Hope that helps
Dominik
_outp(0x64, 0xAD);
and
__asm mov al, 0xAD __asm out 0x64, al
do the same... but what do they do??
(doesn't work on NT)
|
|
|
|
|
CSHA1 - A C++ class implementation of the SHA-1 hash algorithm, got different results when run the recompiled code on AIX 4.3.3, what modifications would be needed to get the same results.
Rashad
|
|
|
|
|
AIX is a big-endian system. Therefor open the SHA1.h file and change the line
#define LITTLE_ENDIAN
to
#define BIG_ENDIAN
Dominik
_outp(0x64, 0xAD);
and
__asm mov al, 0xAD __asm out 0x64, al
do the same... but what do they do??
(doesn't work on NT)
|
|
|
|
|
CSHA1 - A C++ class implementation of the SHA-1 hash algorithm, is bit oriented or byte oriented
Rahsad
|
|
|
|
|
The Update function accepts only bytes, no bits, if you meant that.
Dominik
_outp(0x64, 0xAD);
and
__asm mov al, 0xAD __asm out 0x64, al
do the same... but what do they do??
(doesn't work on NT)
|
|
|
|
|
What do I have to make this into a DLL for use with a windows program.
|
|
|
|
|
|
This may be a stupid guestion, but what exactly would one do with a SHA-1 hash?
Matt Newman Sonork: 100:11179
"Whoa, that ruled! What function key do I gotta press to get that to happen again?" - Strong Bad
|
|
|
|
|
First example: the Password Safe
Assume you have to develop an application that uses passwords for something. These passwords have to be saved to disk. For example consider a "Password Safe" that allows you to store other passwords. This password safe has a master key which allows a user to open his database.
Now, how is the master password stored on disk? If it is stored as plain text, everyone can read it. If you encrypt it with a fixed key (for example a hard-coded key or a key which is stored somewhere else on the computer), an attacker can search the key with which the master key has been encrypted (for example analyzing the executable file).
There comes the use of one-way functions: you hash the master password and store its hash on disk. The normal user enters his master password, this password gets hashed and is compared with the one stored on disk. If they are the same, the user is authenticated.
If an attacker now wants to break this system, he has to compute the master key from the hash. But SHA-1 is a one-way hash function, what means that the attacker cannot get the master password from the hash. Theoretically it is possible using brute-force, but in the real world it is impossible. He would have to calculate about 2^80 random messages to find another key that hashes to the same value (this is called "birthday attack"). He simply doesn't have the computing power to accomplish this.
For example Linux can store its login passwords hashed with MD5 (MD5 is a 128-bit one-way hash function, so a birthday attack "only" requires about 2^64 random texts to be hashed, SHA-1 would be better). This way the system is even secure if an attacker gets the file where the passwords are stored in ("shadow" normally).
Second example: Message Authentication Codes (MACs)
Another example is the usage of one-way functions as Message Authentication Codes (MACs). MACs are hash values that are additionally "encrypted" with a key. The final hash value is the hash of the message and the key.
And what's the use of it? Well, think of a program that hashes security-critical files on your disk and stores the hashes in a database. You enter the master key and compute the MACs of all files. Later, you enter the master key and calculate the hashes of the files again and compare them with the database. If all hashes are the same, none of the files has been changed/manipulated.
Now comes an attacker (for example a computer virus). What shall the virus do? Computing the hash values of the files is easy, but how can it compute the MAC? It's the same as in the example above: he would either have to break the SHA-1 function (which hasn't been broken today yet) or find another file that hashes to the same file (2^80 files, birthday attack).
If you would have used a hash function that isn't one-way, for example CRC (doesn't matter of what size, let's consider CRC-256), the attacker could compute another message very easily that hashes to the same value.
Hope you have an idea now what one-way hash functions are for
-Dominik
_outp(0x64, 0xAD);
and
__asm mov al, 0xAD __asm out 0x64, al
do the same... but what do they do??
(doesn't work on NT)
|
|
|
|
|
Okay, makes sense now. Thanks!
Matt Newman Sonork: 100:11179
"Whoa, that ruled! What function key do I gotta press to get that to happen again?" - Strong Bad
|
|
|
|
|
When you choose REPORT_DIGIT , buffer szTemp
char szTemp[4];
it is too small, because line
sprintf(szTemp, " %u", m_digest[i]);
request 5 characters, when m_digest[i] >= 100
(space + 100 + terminator string = 5 chars).
So you must declare buffer szTemp as follow
char szTemp[5];
Thanks!
Good job.
Crowe
|
|
|
|
|
Uuhh, you are right, forgot the space
I will fix it as soon as possible.
Thanks!
-Dominik
_outp(0x64, 0xAD);
and
__asm mov al, 0xAD __asm out 0x64, al
do the same... but what do they do??
|
|
|
|
|
The bug is fixed and the new version has been uploaded.
Thanks for your bug report
Dominik
_outp(0x64, 0xAD);
and
__asm mov al, 0xAD __asm out 0x64, al
do the same... but what do they do??
(doesn't work on NT)
|
|
|
|
|
Doesn't the SHA-1 algorithm state that the message must be padded out to a length that is a multiple of 512 bits before it can be hashed? Did i miss this somewhere in the code?
|
|
|
|
|
The data is padded in the last round. See the function Final .
-Dominik
_outp(0x64, 0xAD);
and
__asm mov al, 0xAD __asm out 0x64, al
do the same... but what do they do??
|
|
|
|
|
hi there. your code works well and is very good and fast. but i'm having problems in incorporating the code into a gui which i build from borland
please help?
thanx
ps; emergency. can u reply asap?
myde300
|
|
|
|
|
What exactly is your problem?
Read the article on how to output (formatted string and raw bytes) the final hash value.
-Dominik
_outp(0x64, 0xAD);
and
__asm mov al, 0xAD __asm out 0x64, al
do the same... but what do they do??
|
|
|
|
|
i did read the article and you are most probably referring to this section here
void GetHash(unsigned char *uDest);
If you don't want to get the hash in a pre-formatted string like ReportHash, you can use this function. This function copies the final message digest (call Final before!) to uDest. uDest must be able to hold at least 20 bytes (SHA-1 produces a 160-bit/20-byte hash).
the problem is that i'm not terribly good at programming, and i have looked at the article but i don't know how to implement or put the get hash function into your source code.
i wish to view the t-values ( test report ) which eventually gives out the message digest ( which is W0-W5 ( which in your output is in one ENTIRE LINE)).
the second issue is that i'm having problems interfacing this with a gui which i made exclusively for your program, in windows ( as your's currently is in commandline with a borland compiler..
and also, i wish to request your permission to be able to edit and run through your code ( of which i most probably don't understand since my background in programming is so little.. )
and lastly, i thank you for taking the time to reply my initial post.
please do reply,
sincerely
myde300
|
|
|
|
|
myde300 wrote:
the problem is that i'm not terribly good at programming, and i have looked at the article but i don't know how to implement or put the get hash function into your source code.
Use the GetHash function like this:
CSHA1 sha1;
unsigned char ubRawDigest[20];
sha1.Update(string0, strlen(string0));
sha1.Update(string1, strlen(string1));
sha1.Update(binary2, uSizeOfBufferBinary2);
sha1.Update(binary3, uSizeOfBufferBinary3);
sha1.Final();
sha1.GetHash(ubRawDigest);
Now you have the 20 bytes/160 bits of the SHA-1 hash in the buffer ubRawDigest. You can now write an own output/formatting routine.
myde300 wrote:
the second issue is that i'm having problems interfacing this with a gui which i made exclusively for your program, in windows ( as your's currently is in commandline with a borland compiler..
Have a look at my Visual Hash Calculator on my homepage:
http://www.reichlsoft.de.vu[^]
This is a hash calculator with a nice Windows GUI. Supported hashes are SHA-1 (FIPS PUB 180-1), MD5, MD4, MD2, GOST-Hash, CRC-32, GHash-32-5 and GHash-32-3.
Complete C++ source code is available.
myde300 wrote:
and also, i wish to request your permission to be able to edit and run through your code ( of which i most probably don't understand since my background in programming is so little.. )
You may edit/modify the source code of my SHA-1 implementation as you wish, but you have to comment your changes (make a new header-comment-block) and you mustn't remove the original header-comment-block.
Happy hashing
-Dominik
_outp(0x64, 0xAD);
and
__asm mov al, 0xAD __asm out 0x64, al
do the same... but what do they do??
|
|
|
|
|
key-value mode is more convenient in most use.
|
|
|
|
|
The Transform() function unnecessarily uses a global variable, SHA1.cpp, line 51
static unsigned char workspace[64];
Change that to simply
unsigned char workspace[64];
(auto variable, not static) and you're re-entrant safe.
- Howard
P.S. Very nicely done. Crypto++ is extensive, but not very portable and WAY too complicated to try to fix. (Anyone port it to HP-UX aCC 3.0.33, Solaris Forte 6 Update 1 and/or xlC 5.0something on AIX 5.1L?) CSHA1 is far a good part of what I needed, and it's very straightforward code so shouldn't give me heartache moving to non-PC architectures and compilers. And it's quite fast from what I hear, which is nice too. Keep up the good work, and thanks.
|
|
|
|
|