SHA-2 Support

Dec 20 2010, 11:10 am
Airjoe	I'm not so sure. Regardless, this is basic crypto. BYOND supports md5 and should have no trouble implementing SHA-2 when the code has been given to them.

Dec 20 2010, 11:20 am

Forum_account

Airjoe wrote:

I'm not so sure.

If only there was a way to represent 256 distinct values with an alphabet containing fewer than 256 symbols.

Regardless, this is basic crypto. BYOND supports md5 and should have no trouble implementing SHA-2 when the code has been given to them.

The code has been given to you too. I guarantee it's easier for you to take the code, compile it as a dll, and call it from a DM program than it is for the BYOND staff to add a new function to the language, test it, rebuild the software suite, and release an update.

Dec 20 2010, 1:00 pm

CauTi0N

Forum_account wrote:

Airjoe wrote:

I'm not so sure.

If only there was a way to represent 256 distinct values with an alphabet containing fewer than 256 symbols.

Regardless, this is basic crypto. BYOND supports md5 and should have no trouble implementing SHA-2 when the code has been given to them.

The code has been given to you too. I guarantee it's easier for you to take the code, compile it as a dll, and call it from a DM program than it is for the BYOND staff to add a new function to the language, test it, rebuild the software suite, and release an update.

Perhaps they should include patch updates with .dll files that you can include, rather than constantly update?

Dec 21 2010, 2:41 pm
Pirion	You hash the entire file, along with a salt. That hash goes inside the save file. woudn't this change the hash of the file as the file changed?

Dec 21 2010, 2:47 pm
Murrawhip	Pirion wrote: You hash the entire file, along with a salt. That hash goes inside the save file. woudn't this change the hash of the file as the file changed? I guess I should have been more specific - you hash the values of the file; you don't pass the /file through MD5.

Dec 22 2010, 11:06 am
Android Data	I think support for sha1 is a must as well. Languages like PHP only have support for sha1 and compatibility with that is important to me.

Dec 22 2010, 11:08 am
Airjoe	Android Data wrote: I think support for sha1 is a must as well. Languages like PHP only have support for sha1 and compatibility with that is important to me. http://www.php.net/manual/en/function.hash.php It is unnecessary to implement sha-1.

Jan 4 2011, 7:33 am
Android Data	Airjoe wrote: It is unnecessary to implement sha-1. I still propose adding it for those that are still using sha1, but only if it doesn't take away too much time from development. (I figure that after sha-2 it's pretty easy to implement sha-1 next to it for backwards compatibility.)

Jan 4 2011, 7:34 am
Airjoe	Android Data wrote: Airjoe wrote: It is unnecessary to implement sha-1. I still propose adding it for those that are still using sha1... Why?

Jan 4 2011, 9:42 am
Murrawhip	Airjoe wrote: Android Data wrote: Airjoe wrote: It is unnecessary to implement sha-1. I still propose adding it for those that are still using sha1... Why? Compatibility. Plenty of shit uses SHA1, and BYOND supporting it would make things potentially easier. I need to create users on an SMF database via a PHP script - I'd be able to do it within BYOND itself if it supported SHA1.

Jan 4 2011, 11:16 am
Airjoe	My point is that you shouldn't be using SHA-1, you should be using SHA-2. BYOND shouldn't need SHA-1 for compatibility because any reasonable language is using SHA-2.

Jan 4 2011, 3:25 pm

Murrawhip

Airjoe wrote:

My point is that you shouldn't be using SHA-1, you should be using SHA-2. BYOND shouldn't need SHA-1 for compatibility because any reasonable language is using SHA-2.

It doesn't matter what you should be using, it matters what is being used. By your logic, you should be using some obscure hashing function that nobody has ever heard of, because then even rainbow tables wouldn't be of much help in determing what data they represent.

I can think of far more commercial applications supporting/using SHA-1 than I can SHA-2.

I just don't see why we need to limit ourselves to a specific hashing function that you want, when there's plenty of others that may have a higher value to someone else.

In an ideal situation, we would have a hash function similar to PHP's, where we can specify the name of the hashing function we wish to use, and include the library with our project. Probably too much effort, though.

Jan 4 2011, 3:28 pm

Airjoe

Murrawhip wrote:

It doesn't matter what you should be using

No, really, it does.

it matters what is being used.

Which is SHA-2.

By your logic, you should be using some obscure hashing function that nobody has ever heard of

No. Security through obscurity is not security. You should be using SHA-2 because it is secure.

I can think of far more commercial applications supporting/using SHA-1 than I can SHA-2.

What do commercial applications have to do with anything? BYOND needs to be compatible with x,y,z commercial applications now?

I just don't see why we need to limit ourselves to a specific hashing function that you want, when there's plenty of others that may have a higher value to someone else.

Best practice.

Jan 4 2011, 3:39 pm

Murrawhip

Airjoe wrote:

Murrawhip wrote:

It doesn't matter what you should be using

No, really, it does.

it matters what is being used.

Which is SHA-2.

By your logic, you should be using some obscure hashing function that nobody has ever heard of

No. Security through obscurity is not security. You should be using SHA-2 because it is secure.

I can think of far more commercial applications supporting/using SHA-1 than I can SHA-2.

What do commercial applications have to do with anything? BYOND needs to be compatible with x,y,z commercial applications now?

I just don't see why we need to limit ourselves to a specific hashing function that you want, when there's plenty of others that may have a higher value to someone else.

Best practice.

I don't think you understood my point. I said it matters what is being used, because it may not be SHA2, such as my example with SMF which you ignored. SMF is pretty popular and widely used but by your logic, it simply shouldn't be used because it uses a slightly older hashing algorithm? Are you proposing we stop using all applications that don't use the latest hashing, the instant it is released?
It is not wrong to be using SHA1.

The BYOND Features tracker is for suggesting things that may enable you to accomplish things that wouldn't otherwise be feasible/possible. Enabling for the use of a WIDELY used set of hashing functions like SHA1 would accomplish this goal. Data and I (I believe) do not disagree with your request for SHA2, it would just be better if SHA1 was also available.
It's not for you to decide what is valid in others' requests of the BYOND team, especially when you merely say it is invalid and fail to provide any reasoning behind said declaration.

Jan 4 2011, 3:56 pm

Airjoe

Murrawhip wrote:

I don't think you understood my point. I said it matters what is being used, because it may not be SHA2, such as my example with SMF which you ignored. SMF is pretty popular and widely used but by your logic, it simply shouldn't be used because it uses a slightly older hashing algorithm?

It should be updated to support SHA-2. In fact, since it's PHP, you can change it yourself. Discussions of SHA-2 in SMF go back at least a year and a half ago, blame them for being stale.

Are you proposing we stop using all applications that don't use the latest hashing, the instant it is released?

Who's talking about the instant it is released? SHA-2 is ten years old. SHA-1 has been deemed vulnerable since 2005.

It is not wrong to be using SHA1.

It's not wrong in that it won't work, but that doesn't make it right.

It's not for you to decide what is valid in others' requests of the BYOND team, especially when you merely say it is invalid and fail to provide any reasoning behind said declaration.

If they didn't want discussion there wouldn't be comments. Implementing SHA-1 encourages poor practice. I don't care if BYOND implements SHA-1 or not, I won't use it. But requesting it under the guise of "compatibility" is silly.

Aug 26 2011, 10:39 pm (Edited on Aug 26 2011, 10:48 pm)

Ssj4justdale

Air joe, I support the use ofr SHA-2 capability in BYOND and it'll be much better if it was built in. But until then, you can always create one, or in this case: use a script to generate it and use BYOND to ping the return value.

proc/sha2(string){var/pings=0;pingagain{pings++;var/hashValue=world.Export("http://www.warefareproductions.elementfx.com/sha2-hash.php?text=[url_encode(string)]");\
if(pings>=3){return "Couldn't Retrieve the Hash Code."};if(!hashValue){goto pingagain};\
if(!hashValue["CONTENT"]){goto pingagain};hashValue=file2text(hashValue["CONTENT"]);\
return hashValue;}}

Just copy and paste that, it'll retrieve the SHA-2 Hash for you and if this succeeds, just throw it away xD.

Edit: Works like the md5() proc

Jul 9 2014, 2:07 am
Ssj4justdale	I know I am bumping this but here is a DLL to handle the functions of SHA1, SHA224, SHA256, SHA384, and SHA512. Download cryptoBYOND