More native hashing options

ID:1601920
 
Jun 16 2014, 1:37 pm
Applies to:Dream Maker
Status: Open
Issue hasn't been assigned a status value.
I'd like to see more hashing support. SHA1 and SHA256 to be more specific.

SHA1 because SMF forums currently use SHA1 and I'm now linking future projects to work with the SMF database.

SHA256 because from what I understand SHA1 was broken and SHA256 is more secure.

I am curious as to why we only have MD5() support natively at the moment.
Jun 16 2014, 1:44 pm
+1
Jun 17 2014, 6:17 am
Dupe

Though you'll fine I think implementing SHA-1 is a waste considering it's been vulnerable for almost a decade now.
Jun 17 2014, 7:57 am (Edited on Jun 17 2014, 8:03 am)
In response to Airjoe
Airjoe wrote:
Though you'll fine I think implementing SHA-1 is a waste considering it's been vulnerable for almost a decade now.

SMF still uses it, so I'd really like to push for that one still. It's actually one of the main reasons I made a post. I know of a lib that comes with a DLL/SO for SHA256. The problem is SMF still uses SHA1 and I can't find anything for it. I suck at C/C++ as well and it never turns out well for me. I was going to try and compile something for SHA1 however I always end up with linker issues. x.x I mainly work in C#, C++ is too over my head.

Would it really be that bad of an idea to implement most of the ones that are/were used the most? I mean, we only have MD5() natively, might as well add SHA1 as well as SHA256.

EDIT: It seems in the dupe post that SHA1 was also wanted by other community members as well for similar reasons. I'd like to ask that it be considered regardless of being broken-- It is still used.
Jun 17 2014, 2:43 pm
Depending on what your setup is, you could use shell() to get out of DM and call some arbitrary program you've written to handle the hashing stuff. It's a workaround, and it's operating system specific, but it's a way of doing this without too much hassle. An external library would be OS-specific too, so there's that at least.

Depending on how you're getting that SHA1 hash out, you could conceivably do it in DM too, by treating the SHA1 hash as a list of numbers, one for each byte.
Jun 17 2014, 3:08 pm
In response to Jp
Jp wrote:
Depending on what your setup is, you could use shell()

It's a great idea (http://www.byond.com/forum/?post=1600974)

shell() is pretty bad, It returns a 0 and not the stdout which sucks when trying to do this kind if thing. Especially since it creates unnecessary disk reads and writes just to print out a lousy command like ls.
Jun 18 2014, 5:10 pm
I would like this as well.

In the mean time, until this is implemented, you can use A.T.H.K's method or mine. I believe A.T.H.K's is more efficient but mine will work regardless, as long as you have an internet connection.

This is just a workaround until a built-in method is made, which should be the most efficient way.

Anywho:

Just a sample code:

var/list/sha256_hash_cache=list()

world
    New()
        sha256_hash_cache_function("load")
        ..()

proc
    sha256(string)
        if(string in sha256_hash_cache)return sha256_hash_cache[string]
        .=world.Export("http://www.ssj4justdale.x10.mx/sha256.php?string=[string]")
        if(!.)return "Failed to hash [string] due to network connectivity."
        .=file2text(.["CONTENT"])
        if(!.)return "Failed to hash [string] due to lack of content."
        sha256_hash_cache[string]=.
        return .
    
    sha256_hash_cache_function(function)
        switch(function)
            if("save")
                if(fexists(".sha256")){fdel(".sha256")}
                var/savefile/F=new(".sha256")
                F << sha256_hash_cache
            if("load")
                if(fexists(".sha256"))
                    var/savefile/F=new(".sha256")
                    F >> sha256_hash_cache
            if("clear")
                if(fexists(".sha256")){fdel(".sha256")}
                sha256_hash_cache=list()


mob
    verb
        SHA256_Hash(var/hashed_string as text)
            if(!sha256_hash_cache.Find(hashed_string) && !findtext(hashed_string," "))
                spawn(-1)sha256_hash_cache_function("save")
            hashed_string=sha256(hashed_string)
            src<<hashed_string
        
        Clean_Cache()
            sha256_hash_cache_function("clear")


PHP SCRIPT:

<?php

if(!isset($_GET['string']) || substr($_SERVER['REQUEST_URI'],0,19) != '/sha256.php?string=')
    die('Failed to retrieve string due to lack of content.');

$string =  substr($_SERVER['REQUEST_URI'],19);
$string=urldecode($string);

if(!isset($string))
{
    die("Failed to retrive string due to lack of content.");
} else {
    die(hash('sha256',$string));
}

?>
Jun 18 2014, 5:36 pm
Nice work!

But both workarounds are excessive.

One expects you to be using Linux and the other expects you to have a webserver with PHP installed..

A DLL or native hashing system would be much easier and better.
Jun 18 2014, 5:43 pm
Agreed, I shall leave that page of mine up and if you need additional hashing methods, I will upload those as well.

The DLL calling method is much more preferable as A.T.H.K has stated.
Jun 18 2014, 5:44 pm
In response to A.T.H.K
A.T.H.K wrote:
A DLL or native hashing system would be much easier and better.

For sure.^

Also, thanks Ssj4justdale. I came up with a similar solution except I never added hash cache functions.
Jun 18 2014, 5:55 pm
Keep in mind that for all of these methods, your users' passwords will be traveling in plaintext across the internet to the host's machine (and then on to a web server for a PHP-based hashing solution).

It might be worth adding a warning, so they don't reuse their BYOND key password or other important password as their game/forum account password.

You could do the hashing client-side in JavaScript, and just send the hash to the host.
Jun 18 2014, 5:58 pm
Awesome. I really hope this gets implemented.

I'm unsure of BYOND's MySQL features so I won't say for sure, but can you use MySql's SHA2() function?
Jun 18 2014, 6:27 pm
Ssj4justdale wrote:
Awesome. I really hope this gets implemented.

I'm unsure of BYOND's MySQL features so I won't say for sure, but can you use MySql's SHA2() function?

MySQL depends on a library, dantom.db

I had a quick look, doesn't seem to be any hashing functions in the lib, then again using this requires you to have a server with MySQL installed..

DarkCampainger wrote:
You could do the hashing client-side in JavaScript, and just send the hash to the host.

I was trying to push this to be native, anyway there is this JS Library for SHA1, http://www.webtoolkit.info/javascript-sha1.html#.U6JmePmLEnE
Jun 18 2014, 6:29 pm
Does the /database datum use dantom.db library? I truly don't know.

The /database is built-in to BYOND
Jun 18 2014, 6:35 pm
In response to Ssj4justdale
Ssj4justdale wrote:
Does the /database datum use dantom.db library? I truly don't know.

The /database is built-in to BYOND

That's SQLite.
Jun 18 2014, 6:38 pm
In response to DarkCampainger
DarkCampainger wrote:
Keep in mind that for all of these methods, your users' passwords will be traveling in plaintext across the internet to the host's machine (and then on to a web server for a PHP-based hashing solution).

I spent like 2-3 hours working on a javascript soluton just because of this-- I was under the influence and it failed. I'll probably try again when sober. Rofl.
Jun 19 2014, 8:48 am
Jun 19 2014, 9:26 am
In response to Ssj4justdale
Ssj4justdale wrote:
http://www.byond.com/developer/Murrawhip/Crypto

Murrawhip is a friend of mine- I couldn't get the linker working. I was going to change up what he released on github to support more than SHA256. The linker always gives me issues with VS. -_-
Jul 24 2014, 4:16 pm
You would need to use VS06(from my understanding) for it to work. It's what I used for my cryptoBYOND library which supports all sha's (sha1, sha224, sha256, sha384, sha512)

It's a simple tactic of adding additional hashing functions since the labor is already done, all you need to do is construct it.
Jul 24 2014, 4:16 pm