Page 1 of 2
[Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Sun May 23, 2021 3:09 pm
by Mijikai
- Supported Hash Algorithms:
MD2
MD4
MD5
SHA1
SHA256
SHA384
SHA512
Please read the comments in the Source for further infos.
Have fun
Code: Select all
EnableExplicit
;------------------------------------------------------------------------------------
;hashi - HASH INCLUDE (x86/x64)
;Platform: Windows Vista, Windows Server 2008 (minimum supported)
;Version: Draft 2
;Author: Mijikai
;------------------------------------------------------------------------------------
;Note:
;Why the BCrypt API?
;The old Crypt API is deprecated!
;So this will only run on more modern machines but its the correct way to do it.
;------------------------------------------------------------------------------------
;ToDo:
;Maybe add a way to output the result as hex string!
;------------------------------------------------------------------------------------
Import "bcrypt.lib";<- Use the correct lib (x86/x64) from the MS SDK!
BCryptOpenAlgorithmProvider.i(*Algorithm,AlgId.s,Implementation.i,Flags.i)
BCryptCloseAlgorithmProvider.i(Algorithm.i,Flags.i)
BCryptGetProperty.i(Object.i,Property.s,*Output,OutputSize.i,*Result,Flags.i)
BCryptCreateHash.i(Algorithm.i,*Hash,*HashObject,HashObjectSize.i,*Secret,SecretSize.i,Flags.i)
BCryptHashData.i(Hash.i,*Input,InputSize.i,Flags.i)
BCryptFinishHash.i(Hash.i,*Output,OutputSize.i,Flags.i)
BCryptDestroyHash.i(Hash.i)
EndImport
Enumeration HASHI_HASH
#HASHI_MD2 ;16 bytes
#HASHI_MD4 ;16 bytes
#HASHI_MD5 ;16 bytes
#HASHI_SHA1 ;20 bytes
#HASHI_SHA256 ;32 bytes
#HASHI_SHA384 ;48 bytes
#HASHI_SHA512 ;64 bytes
EndEnumeration
Procedure.i hashiHash(*Buffer,BufferSize.i,Type.i,*Hash = #Null);optional: point *Hash to a buffer that should receive the hash!
Protected result.i
Protected handle.i
Protected *object
Protected object_size.i
Protected hash_size.i
Protected bytes.i
Protected hash.i
If *Buffer
Select Type
Case #HASHI_MD2
result = Bool(BCryptOpenAlgorithmProvider(@handle,"MD2",#Null,#Null) = #Null)
hash_size = 16
Case #HASHI_MD4
result = Bool(BCryptOpenAlgorithmProvider(@handle,"MD4",#Null,#Null) = #Null)
hash_size = 16
Case #HASHI_MD5
result = Bool(BCryptOpenAlgorithmProvider(@handle,"MD5",#Null,#Null) = #Null)
hash_size = 16
Case #HASHI_SHA1
result = Bool(BCryptOpenAlgorithmProvider(@handle,"SHA1",#Null,#Null) = #Null)
hash_size = 20
Case #HASHI_SHA256
result = Bool(BCryptOpenAlgorithmProvider(@handle,"SHA256",#Null,#Null) = #Null)
hash_size = 32
Case #HASHI_SHA384
result = Bool(BCryptOpenAlgorithmProvider(@handle,"SHA384",#Null,#Null) = #Null)
hash_size = 48
Case #HASHI_SHA512
result = Bool(BCryptOpenAlgorithmProvider(@handle,"SHA512",#Null,#Null) = #Null)
hash_size = 64
EndSelect
If result
result = #False
If BCryptGetProperty(handle,"ObjectLength",@object_size,SizeOf(Integer),@bytes,#Null) = #Null
If object_size
*object = AllocateMemory(object_size)
If *object
If BCryptCreateHash(handle,@hash,*object,object_size,#Null,#Null,#Null) = #Null
If BCryptHashData(hash,*Buffer,BufferSize,#Null) = #Null
If *Hash
result = Bool(BCryptFinishHash(hash,*Hash,hash_size,#Null) = #Null)
Else
*Hash = AllocateMemory(hash_size)
If *Hash
If BCryptFinishHash(hash,*Hash,hash_size,#Null) = #Null
result = *Hash
Else
FreeMemory(*Hash)
EndIf
EndIf
EndIf
EndIf
BCryptDestroyHash(hash)
EndIf
FreeMemory(*object)
EndIf
EndIf
EndIf
BCryptCloseAlgorithmProvider(handle,#Null)
EndIf
EndIf
ProcedureReturn result
EndProcedure
Procedure.i hashiSize(*Hash)
ProcedureReturn MemorySize(*Hash)
EndProcedure
Procedure.i hashiFree(*Hash)
ProcedureReturn FreeMemory(*Hash)
EndProcedure
Procedure.i Demo()
Protected dummy.s
Protected *hash
dummy = "Hello World!"
*hash = hashiHash(@dummy,StringByteLength(dummy),#HASHI_SHA512)
If *hash
Debug *hash
ShowMemoryViewer(*hash,hashiSize(*hash))
hashiFree(*hash)
EndIf
ProcedureReturn #Null
EndProcedure
Demo()
End
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Sun May 23, 2021 3:16 pm
by STARGĂ…TE
Where can I find this bcrypt.lib, the compiler says "POLINK: fatal error: File not found: 'bcrypt.lib'."
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Sun May 23, 2021 3:25 pm
by Mijikai
The lib is part of the MS SDK, mine came with Visual Studio.
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 7:17 am
by Keya
MD2, MD4, MD5, and SHA1 should be considered "broken"
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 8:05 am
by Saki
md5 and SHA1 can still be used without further ado, e.g. when a hash is created from an encrypted file.
That is, if the plaintext is not known.
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 8:25 am
by Keya
Saki wrote: Mon May 24, 2021 8:05 am
md5 and SHA1 can still be used without further ado, e.g. when a hash is created from an encrypted file.
That is, if the plaintext is not known.
Why use them when the cryptography community has branded them "broken", and there are secure replacements?
As programmers it is our RESPONSIBILITY to the world to ensure we use state-of-the-art cryptography, not algorithms that were broken decades ago.
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 8:28 am
by BarryG
Keya wrote: Mon May 24, 2021 7:17 am
MD2, MD4, MD5, and SHA1 should be considered "broken"
Depends what you use them for.
https://superuser.com/questions/61461/w ... vily/61468
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 8:30 am
by Keya
Saki wrote: Mon May 24, 2021 8:05 am
md5 and SHA1 can still be used without further ado, e.g. when a hash is created from an encrypted file.
That is, if the plaintext is not known.
Why use them when the cryptography community has branded them "broken", and there are secure replacements?
As programmers using cryptography it is our RESPONSIBILITY to the world to ensure we use state-of-the-art cryptography, not algorithms that were broken decades ago.
Do you want doctors in hospitals using outdated medicine when we now have newer, better medicine???
And Mijikai's beautiful code shows you how to use the stronger hashes, yet you are recommending using broken weaker ones???
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 8:51 am
by Saki
Unfortunately, this view is wrong.
You can't falsify a document with a broken hash if you don't know its content.
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 9:01 am
by Keya
Saki wrote: Mon May 24, 2021 8:51 am
Unfortunately, this view is wrong.
You can't falsify a document with a broken hash if you don't know its content.
WHY are you advocating for the use of cryptographical algorithms that have been broken when we now have secure replacements for them??? And how does advocating for algorithms that were broken decades ago give the general public (or your customers) any confidence? Why not simply upgrade to the latest secure algorithms to show your customers you're giving them the latest and greatest proven cryptographical algorithms, rather than ones that were broken DECADES ago??? (and Mijikai's source code already provides that capability!)
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 9:29 am
by Saki
Then explain to me exactly what broken means.
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 9:39 am
by Keya
Saki with all due respect I am not here to get into an argument here about the definition of "broken".
What I do know is that many algorithms such as MD5 have been considered "broken" for DECADES, and have since been replaced by other algorithms that we can have far more faith in. As programmers we are supposed to provide our customers with the latest and greatest ... and when that comes to cryptography, that means providing them with most secure algorithms in the world. AND WE HAVE ACCESS TO THAT, as Mijikai has posted an example of. But for a programmer like yourself to still be using and promoting MD5 in 2021 is not good for any programmers, it can only give us all a bad name.
I just cannot understand why you are SO aggressive about standing up for MD5 when 1) it is completely broken, even according to it's author Ron Rivest and 2) we have alternatives available which are just as easy to use. SO WHY NOT JUST USE THE MORE SECURE ALTERNATIVES???
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 9:57 am
by Saki
Ahhh, I'm not aggressive after all, dear.
You just need to realize what broken means.
It is important to know what exactly is meant by it.
PB now offers the most important hashes, for all OSes.
The conversion from hex to binary is very fast with hashes.
Hex is just better to handle than binary.
The problem is mostly that people copy the hex values into the AES register, which totally undermines the security of AES.
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 10:07 am
by Keya
Saki wrote: Mon May 24, 2021 9:57 am
PB now offers the most important hashes, for all OSes.
The conversion from hex to binary is very fast with hashes.
Hex is just better to handle than binary.
The problem is mostly that people copy the hex values into the AES register, which totally undermines the security of AES.
I'm not sure how hex-to-binary answers my question in regards to using decades-old outdated algorithms. (Hex-to-bin has
nothing to do with cryptography)
And what is the "AES register" ??? most of us have been using AES for years now, but I've never heard of an "AES register", but you claim that's where the security failure happens (?!?!)
Re: [Source] hashi - Hashing Include (x86/x64) [Windows OS]
Posted: Mon May 24, 2021 10:10 am
by Mijikai
Judging by recent posts and releases i think Saki is all about: Obscurity + Bloat = Security
So he will take basically anything and throw it in the mix, which has entertainment value i must admit.
