Anyone implemented SHA-1?
Monkey Forums/Monkey Programming/Anyone implemented SHA-1?
| ||
In Monkey? Found this from Bmax. Can always convert if it hasn't been done. How would you suggest that one tests the SHA1 function to see if it works correctly? Was going to use this to encrypt user ID's over network. |
| ||
How would you suggest that one tests the SHA1 function to see if it works correctly? Check if "Hello World" outputs "0a4d55a8d778e5022fab701977c5d840bbc486d0"? That's similar to what I did when I was creating the CRC32 hash implementation. Was going to use this to encrypt user ID's over network. Why? Even if you do, someone peeking on the network could still figure out their ID if they have a rainbow table of numbers and the like. Seems pointless. |
| ||
Why? It is not really for my own sake: "Due to privacy regulations all unique user identifiers retrieved must be encrypted before being submitted to GameAnalytics." http://support.gameanalytics.com/entries/23053213-Encrypting-user-identifiers So :) I think this is by extension because of Apple's privacy concerns on tracking people's deviceID and similar identifiers such as Mac or userAccountID. |
| ||
Aren't Rainbow tables just large databases that compare string input to hashed outputs? Rainbow tables are good, but they're not perfect. |
| ||
Aren't Rainbow tables just large databases that compare string input to hashed outputs? Rainbow tables are good, but they're not perfect. Yes, while this is true for normal strings. You can expect a proper rainbow table to contain all numbers from the largest negative long value to the largest unsigned long value. If user IDs are only numbers, it's extraordinarily easy to find. Edit: I should note that I worked in network security and the like for a few years, so I'm pretty familiar with this kind of technology. |
| ||
That makes sense, number wise. String wise though complicates things, and from what I've seen in most applications they concatenate strings with the number value to generate the hash on the client end, then on the server do the same and compare the hash's before the data is digested. So you're still submitting an integer but the hash is "salted"(i think that's the correct term). |
| ||
Here is my port of SHA1. It is a port of Flash Sha1: https://code.google.com/p/as3corelib/source/browse/trunk/src/com/adobe/crypto/SHA1.as?r=2 It was hard to get working because Flash has a nice logical shift right (>>>), and Monkey doesn't. Anyway, I implement LSR in pure monkey, seems to work just ok =) ToHex is from http://www.monkeycoder.co.nz/Community/posts.php?topic=4058 Thanks Adam! Result: (only tested on HTML5 and GLFW Windows 7) Check the result at: http://en.wikipedia.org/wiki/SHA-1 (Examples and pseudocode) String: The quick brown fox jumps over the lazy dog h0: 2FD4E1C6, 802480582 h1: 7A2D28FC, 2049779964 h2: ED849EE1, -310075679 h3: BB76E739, -1149835463 h4: 1B93EB12, 462678802 String: The quick brown fox jumps over the lazy cog h0: DE9F2C7F, 3734973567 h1: D25E1B3A, -5060551878 h2: FAD3E85A, -86775718 h3: 0BD17D9B, 198278555 h4: 100DB4B3, 269333683 String: h0: DA39A3EE, -633756690 h1: 5E6B4B0D, -2710877427 h2: 3255BFEF, -3450486801 h3: 95601890, -1788864368 h4: AFD80709, -1344796919 String: Hello World h0: 0A4D55A8, -4122126936 h1: D778E502, 3615024386 h2: 2FAB7019, -3495202791 h3: 77C5D840, 2009454656 h4: BBC486D0, -1144748336 Let me know if there are any problems. |
| ||
@Ferdi It's neat that you made a Monkey-based Logical Shift Right, although I do have a native implementation for most, if not all, targets here http://www.monkeycoder.co.nz/Community/post.php?topic=1707&post=28645 if you wanted it to process a bit faster. Although, in modern devices, processing seems to be the least of my worries nowadays. |
| ||
Doh! Should have done a search on the forum, instead of mucking around and wrote my own. Thanks for that! I did thought about doing it natively, but I thought it was an overkill for what I was going to use it for. Probably going to be called once or twice in a single game. |
| ||
Thanks, this was exactly what I was looking for! |
| ||
For apples policy on encryption do they define what encryption is ?, just wondering if doing a quick homebrew sypher on the id's might have been enough, or are they forcing you to use sha or md5 ? |
| ||
Anyone got an encryption algorithm completely done in monkey? |
| ||
I got around to testing this out in my game, and kept running into issues (I needed the whole hash returned as one string, rather than separated). I came across an interesting side effect of String.FromChars. Whenever I tried to concatenate the hashes together, I'd only get the first one. After much head scratching, I changed this line in ToHex: Local r%=i, s%, p%=32, n:Int[p/4+1] to: Local r%=i, s%, p%=32, n:Int[p/4] and it was able to work properly. This wouldn't be noticed in the code the way it is presented, as each hex part is printed separately. When you try to concatenate them, however, you'll find you can add to the beginning of them but not the end. I assume this is because Monkey determines strings based on null terminations, which would throw away anything past the 'end' of the string. The Return String.FromChars(n) line was adding a null from n being one array element longer than it needed to be. Just posting this in case it helps someone else. |