Vice Underdogs
Scripting => Script Showroom => Topic started by: stormeus on November 11, 2011, 06:25:58 pm
-
Something I've already posted on the VC:MP Squirrel forum, might as well repost it here. It works like MD5/SHA1 in lu_hashing, but is a slightly modified implementation of SHA256, which is more complex but also more secure. The fact that it's modified means it's even less likely someone is going to decrypt it.
Not for Pawn; if you're still using that,
http://www.youtube.com/watch?v=M5QGkOGZubQ
function rotateRight(val, sbits)
{
return (val >> sbits) | (val << (0x20 - sbits));
}
function STORM256( string )
{
local hp = [
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
];
local k = [
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
];
local
w = array( 64 ),
i = 0,
s = 0,
len = string.len( ),
word_array = array( 0 );
for( i = 0; i < len - 3; i += 4 )
{
word_array.push( string[i] << 0x18 | string[i + 1] << 0x10 | string[i + 2] << 0x08 | string[i + 3] );
}
switch( len % 4 )
{
case 0:
i = 0x80000000;
break;
case 1:
i = string[len - 1] << 0x18 | 0x80000000;
break;
case 2:
i = string[len - 2] << 0x18 | string[len - 1] << 0x10 | 0x08000;
break;
case 3:
i = string[len - 3] << 0x18 | string[len - 2] << 0x10 | string[len - 1] << 0x08 | 0x80;
break;
}
word_array.push( i );
while( ( word_array.len() % 0x10 ) != 0x0E )
word_array.push( 0 );
word_array.push( len >> 0x10 );
word_array.push( ( len << 0x03 ) & 0xFFFFFFFF );
local s0, s1;
for( s = 0; s < word_array.len(); s += 0x10 )
{
for( i = 0x00; i < 0x10; i++ )
w[i] = word_array[s + i];
for( i = 0x10; i < 0x40; i++ )
{
s0 = rotateRight( w[i - 15], 7 ) ^ rotateRight( w[i - 15], 18 ) ^ ( w[i - 15] >> 3 );
s1 = rotateRight( w[i - 2], 17 ) ^ rotateRight( w[i - 2], 19 ) ^ ( w[i - 2] >> 10 );
w[i] = w[i - 0x10] + s0 + w[i - 7] + s1;
}
local a = hp[0],
b = hp[1],
c = hp[2],
d = hp[3],
e = hp[4],
f = hp[5],
g = hp[6],
h = hp[7];
for( i = 0x00; i < 0x40; i++ )
{
s0 = ( rotateRight( a, 2 ) ^ rotateRight( a, 13 ) ^ rotateRight( a, 22 ) );
local maj = ( ( a & b ) ^ ( a & c ) ^ ( b & c ) );
local t2 = ( s0 + maj );
s1 = ( rotateRight( e, 6 ) ^ rotateRight( e, 11) ^ rotateRight( e, 25 ) );
local ch = ( ( e & f ) ^ ( ( ~e ) & g ) );
local t1 = ( h + s1 + ch + k[i] + w[i] );
h = g;
g = f;
f = e;
e = d + t1;
d = c;
c = b;
b = a;
a = t1 + t2;
}
hp[0] += a;
hp[1] += b;
hp[2] += c;
hp[3] += d;
hp[4] += e;
hp[5] += f;
hp[6] += g;
hp[7] += h;
}
local hash = format(
"%08x%08x%08x%08x%08x%08x%08x%08x",
hp[0],
hp[1],
hp[2],
hp[3],
hp[4],
hp[5],
hp[6],
hp[7]
);
return hash;
}
-
Interesting. I'll be happy doing some brute forcing on it and compare it with md5 & sha1.
Not much I can say until then.
-
I cant understand crap but it looks cool ;D
-
Whoever reverses this gets a million bucks from me.
-
Whoever reverses this gets a million bucks from me.
I do then :P
-
I don't know much about encryption but it looks quite nice
-
Whoever reverses this gets a million bucks from me.
Hashes aren't really something you can "reverse". Their algorithms are made for 1 way encryption only, no decryption. The point of it is that once someone encrypts their password with (SHA0/SHA1) for example - "lol" it's transformed into a 20 letter hash like 403926033d001b5279df37cbbe5287b7c7c267fa containing only numbers (0-9) and letters (a-f) - a total variety of 16 symbols. No matter how long or short the password is, (SHA0/SHA1) hashes will have the same length of 20 symbols. Which means (SHA0/SHA1) hashes can have 16^20 different combinations. For those who suck at math it's a shitload of combinations for ANY current super computer.
To put it in short - if somebody knows your password's hash, he doesn't know your original password. That's why hashes are stored in forum databases instead of plain text passwords. If a hacker comes in he won't be able to get your passwords, only the hashes.
The only way he will be able to convert them is to guess password combinations until the combination's hash matches the original hash. Which his called brute forcing and can be real fucking slow.
By the way Stormeus, I'm trying to convert your Squirrel code to C++, but I stumbled upon a problem. What does local word_array = array( 0 ); do? Create a 1D infinite array or something? And how does word_array.push() work with array(0);?
-
An array of 0 creates an empty array that can be expanded by pushing values. It's the same with any array. array( 50 ) would initialize my_array[0] to my_array[49], but you can still push to it to make it larger.