Announcement

Collapse
No announcement yet.

fao Greg Turgeon re SHA-1

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • fao Greg Turgeon re SHA-1

    Hi Greg (or anyone else for that matter!)
    You posted a message in 1999 about source code for SHA-1 - I don't have a Compuserve account so could you (or any else) please either email it to me or post it on the source code forum?

    Regards

    Adrian Aitken
    [email protected]

    ------------------

  • #2
    Code:
    Adrian--
       
    Originally, I coded SHA-1 for the PB/DOS compiler.  I posted this 
    code in a few places, including on the old PowerBASIC BBS, but I have 
    no idea how far it's now travelled.  Since then I've sent it to 
    people who have requested it. 
       
    I've also coded SHA-1 for the PB 32-bit compilers.  I did so the 
    first time for a client, which of course left me with code that I 
    couldn't freely distribute, considering that someone had paid me to 
    write it.  Since then I've revised the code extensively so that I can 
    supply it, as a DLL, to clients for whom I work on larger projects.  
    But once again, I find myself with code that I'd be uncomfortable 
    distributing freely.
       
    I'd very much like to redo the algorithm yet again, probably as an 
    implementation of the recently released 256-bit SHA standard.  I'd 
    write this code with the intention of posting it here.  All I need is 
    the 60-hour day, which, surprisingly enough, neither major US 
    presidential candidate has yet promised to initiate. 
       
    Some people might recall that I used to post lots of stuff, back when 
    I had more free time to do so.  I always tried to put together the 
    type of posting which, I hope, offered code that suggested 
    possibilities that people might not otherwise have considered.  I now 
    have SHA/256 on my list of projects, and I'll be happy to post the 
    results once they exist.

    ------------------
    -- Greg
    [email protected]

    Comment


    • #3
      thanks greg, I've posted assembler versions of sha-1 and Rijndael (both freely distributable), just need some one who knows how to handle strings,bytes etc in 32-bit world. I only did .com programs (before .coms were massively profitable I might add !!!!)


      Adrian

      ------------------

      Comment


      • #4
        This code is based on original document.
        Of course, there are serious reasons to rewrite it using inline ASM.
        Code:
           #Compile Exe
           #Register None
           #Dim All
        
           Function f(t As Long, B As Long, C As Long, D As Long) As Long
              Select Case t
                 Case <= 19: Function = (B And C) Or ((Not B) And D)
                 Case <= 39: Function = (B Xor C Xor D)
                 Case <= 59: Function = (B And C) Or (B And D) Or (C And D)
                 Case <= 79: Function = (B Xor C Xor D)
              End Select
           End Function
        
           Function K(t As Long) As Long
              Select Case t
                 Case <= 19: Function = &H5A827999&
                 Case <= 39: Function = &H6ED9EBA1&
                 Case <= 59: Function = &H8F1BBCDC&
                 Case <= 79: Function = &HCA62C1D6&
              End Select
           End Function
        
           Function S(n As Long, X As Long) As Long
              Dim t1 As Long, t2 As Long
              t1 = x: Shift Left t1, n
              t2 = x: Shift Right t2, 32 - n
              Function = t1 Or t2
           End Function
        
           Function SHA(Str As String) As String
              Dim i As Long, j As Long, t As Long, kg As Long, nb As Long
              Dim H(0 : 4) As Long, w(0 : 79) As Long
              Dim A As Long, B As Long, C As Long, D As Long, E As Long, Temp As Long
              Dim AA(0 To 3) As Byte
              
              kg = Fix((Len(Str) + 8) / 64) + 1: nb = 16 * kg
             
              ReDim ww(0 To nb - 1) As Long
              ReDim bww(0) As Byte At VarPtr(ww(0))
              ReDim bwc(0) As Byte At StrPtr(Str)
        
              For i = 0 To Len(Str) - 1: bww(i) = bwc(i): Next: bww(Len(Str)) = &H80
              ww(nb - 1) = Len(Str) * 8
              
              For i = 0 To nb - 3
                 For j = 0 To 3: aa(3 - j) = bww(i * 4 + j): Next
                 For j = 0 To 3: bww(i * 4 + j) = aa(j): Next
              Next
        
              H(0) = &H67452301&
              H(1) = &HEFCDAB89&
              H(2) = &H98BADCFE&
              H(3) = &H10325476&
              H(4) = &HC3D2E1F0&
        
              For i = 0 To kg - 1
                 For j = 0 To 15: w(j) = ww(i * 16 + j): Next
                 For t = 16 To 79
                    W(t) = S(1, W(t-3) Xor W(t-8) Xor W(t- 14) Xor W(t-16))
                 Next
                 A = H(0): B = H(1): C = H(2): D = H(3): E = H(4)
                 For t = 0 To 79
                    Temp = S(5, A) + f(t, B,C,D) + E + W(t) + K(t)
                    E = D: D = C: C = S(30, B): B = A: A = Temp
                 Next
                 H(0) = H(0) + A: H(1) = H(1) + B: H(2) = H(2) + C: H(3) = H(3) + D: H(4) = H(4) + E
              Next
              Function = Hex$(H(0))  + Hex$(H(1)) + Hex$(H(2)) + Hex$(H(3)) + Hex$(H(4))
        
           End Function
        
           Function PbMain
              If SHA ("abc") = "A9993E364706816ABA3E25717850C26C9CD0D89D" Then MsgBox "ok1"
              If SHA ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = _
                "84983E441C3BD26EBAAE4AA1F95129E5E54670F1" Then MsgBox "ok2"
           End Function
        ------------------
        E-MAIL: [email protected]

        Comment


        • #5
          The problem with SHA-1 is if you take 2 different strings that
          are only slightly different, they will return the same hash.
          Try using the RIPE-160 hash posted to this board previously, it
          will return a differnt hash for two 20kb strings that only have
          one character different.

          I'm not sure if the same problem exists in the SHA-256 code.

          ------------------
          Thanks,

          Doug Gamble
          [email protected]

          Comment


          • #6
            Doug --
            The problem with SHA-1 is if you take 2 different strings that
            are only slightly different, they will return the same hash.


            Can you give a link with results of investigations ?
            If this is true, even CRC-32 works better.



            ------------------
            E-MAIL: [email protected]

            Comment


            • #7
              How similar do you mean? using the ASM code (posted in source code forum for a nice person to translate into PB compatible ASM ;-] whilst I jet off to New Zealand for 3 weeks) I can use two text files with only 1 character different. The results are completely and utterly different. This is what is supposed to happen with hashes. I don't know which version of SHA-1 you used.

              Regards

              Adrian Aitken


              ------------------

              Comment


              • #8
                Code:
                 
                The problem with SHA-1 is if you take 2 different strings that are only slightly different, they will return the same hash.
                Only two possibilities exist. 1) The implementation is buggy. 2) You've found a problem that has escaped everyone from the NSA on down, including every reputable security expert worldwide. I'd say that #1 is more likely.

                ------------------
                -- Greg
                [email protected]

                Comment


                • #9
                  There is a third possibility, I tested it wrong. I went back and
                  carefully examined the program I was using to test the code and
                  find I was looking at the same test file twice! The code Semen
                  posted works fine!

                  Sorry for the scare.

                  ------------------
                  Thanks,

                  Doug Gamble
                  [email protected]

                  Comment

                  Working...
                  X