PureBasic Forums - English

Still missing the answer to my question, dears.

Still missing the answer to some very simple questions, and we don't even know what your question is, other than "convert hex to binary" (???)
It would also be good if you could stop disparagingly calling us all "dears"

Anyway I will will leave it at that. No need to stoke a fire. I just wish Saki could've recognised that it's IMPORTANT for programmers to provide the best and latest cryptography for their customers - and not cryptography that was broken decades ago. We need to be the best in the world ... not the best 25 years ago.

Cryptography is a specialised field in computer science - if you can't handle it, please stay out of the kitchen, for the good of humanity. And programmers need to be trusted - that cannot be exploited.

If I'm friendly, it's not right either.
But before we both still argue here.
Have a nice day.

An algorithm is not simply broken. All depends on where and how it is used. For file comparison all hashes are slower than just comparing byte by byte (after size and date check) unless a network is involved. The fix there is to store the pre-calculated hash and timestamp with the file. Anyway, thanks for the function. Easy to add other supported algorithms too.

https://en.wikipedia.org/wiki/Preimage_attack

Actually it is quite simple to understand.

Let's just consider MD5, for example. I'll just post some statements from the MD5 Wikipedia page.

The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".

The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor.

Further, there is also a chosen-prefix collision attack that can produce a collision for two inputs with specified prefixes within seconds, using off-the-shelf computing hardware.

As professional programmers trying to give our customers the best, we need to stop using MD5.

We have adequate replacements now, some which are even faster, if speed is what you're after. There is simply no need to use MD5 now that it is completely broken.

https://cjl.dev/md5-collision/#:~:text= ... 20feasible

I was referring to the Preimage usage.
What that is, you can read here.

Saki wrote: Tue May 25, 2021 9:11 am https://cjl.dev/md5-collision/#:~:text= ... 20feasible

I was referring to the Preimage usage.
What that is, you can read here.

Seems like you are confused... what even is your argument?
Its not like anything you linked magically fixes MD5 and the way it is broken.

Hello Mijikai,
be careful. Don't attack Saki/Walbus too much or he might disappear again.
His ego doesn't allow any other opinion then his own.

I have not carried the discussion and insults into this thread #Lord.
Why are you trying to tease here ?

It was only about the discussion about it, which is just usual in discussion forums.

I don't want to be right either.
The information is available and everyone can evaluate it for themselves.

Why do you now come crawling behind me again to stank ?

Don't you have anything more useful to contribute,
or are you only interested in damaging the thread ?

#Mijikai
It's not about being right, it's just a discussion about it.
When you encrypt a file AES, you usually do it like this,
you add the hash binary at the end.
After that the IV is appended binary.
You can hash the hash again with a salt and also generate it from the encrypted data.
In this construction you cannot change a single bit unnoticed.
An md5 is absolutely OK here.
Yes, this can be broken at some point, of course.
AES can also be broken at some point.
RSA is in fact already broken.
It is now recommended not to use AES128.

Practically it is not possible and who should deal with it.
It would be a mammoth task that would fail 99.999.... percent of the time.

As a side note.
The SHA3 module from Wilbert is about 50% faster than the version implemented in PB.

Saki,
So you're now saying "keep using MD5 (it's 'absolutely ok'), but don't use AES" ... *sigh* I give up

You don't know the Snowden documents ?
80 bits are already broken.
You don't know for sure if the NSA can already break AES128.

If they can already do it, they certainly won't tell anyone about it.

As sample - Attack with quantum computers :
Grover’s algorithm can reduce the brute force attack time to its square root.
So for AES-128 the attack time becomes reduced to 2^64 (not very secure),
while AES-256 becomes reduced to 2^128 which is still considered very secure.

The effort for a thing must also always be in proportion to the benefit.
We should not see what is possible or will be possible as a yardstick.
It must then also be done, the means and the time must be available.

I'm out again now, thanks for the good discussion.

I wish to add my 2 cents; I think anyone has the right to use code as they see fit. There are many henious crimes committed in code - by most developers...so what? We all make mistakes and in any case even the best tehcnology can be circumvented, misused or fail. Look at the Space Shuttles, and Concord and modern airplanes...and my washing machine.

Saki has shared code with us...Thank you @saki. Anyone who does not like it, can feel free to avoid them. Rather than argue..maybe better to enjoy a beer...or coffee!

But please, don't undermine each other and spread hate. Purebasic community is a small close knit group. Let's keep it that way, and keep it friendly.

Thank you.

Can any admin please lock this thread?