Updated FileHash UDFs

[FuryCell]

Here are my updated filehash UDFs. I added FileHashTiger() and FileHashWhrilPool() (both thanks to b1t5tR3@m) and updated

To use them you need the MD5Deep command line utility which can be found here

Enjoy.

SolidSnake.

Edit:Updated FileHashSha256() again. (I fixed another bug.) Also they are now distributed in a zip file containing all of them.

The functions contained in the zip are as follows:

_FileHashMD5()

_FileHashSHA1()

_FileHashSHA256()

_FileHashTiger()

_FileHashWhirlPool()

To use them you need the MD5Deep command line utility which can be found here

Enjoy.

SolidSnake.

Edit:Oops! Put StartUpSentinel here by accident.Will put up the proper zip as soon as I can get to my home pc.

Edit:Put file back up.

Edit:These functions have been replaced by my _FileHash and _StringHash functions. These new functions can be downloaded here.

Edited January 4, 2006 by SolidSnake

[ryeguy]

Just out of curiousity, why do other checksum methods exist? The only one I've heard of here is MD5.

[FuryCell]

Just out of curiousity, why do other checksum methods exist? The only one I've heard of here is MD5.

Probably the same reason there are different Audio formats (MP3,WMA,M4A) which IMO is that they are all competing with each other over which is the best.

Edited October 24, 2005 by SolidSnake

[MSLx Fanboy]

Isn't Microsoft supposedly moving from MD5 and SHA1 for their 'insecurities.' If I remember correctly, they wish to move to SHA256, however, they are building their next platform with hot-swappable checksum code possible (or something to that effect)

[b1t5tR3@m]

Isn't Microsoft supposedly moving from MD5 and SHA1 for their 'insecurities.' If I remember correctly, they wish to move to SHA256, however, they are building their next platform with hot-swappable checksum code possible (or something to that effect)

Not sure exactly what MS is doing, but NIST (National Institute of Standards and Technology) is moving away from MD5 and even SHA-1 (even though SHA-1 has not yet been compromised).

"At the recent Crypto2004 conference, researchers announced that they had discovered a way to "break" a number of hash algorithms, including MD4, MD5, HAVAL-128, RIPEMD and the long superseded Federal Standard SHA-0 algorithm. The current Federal Information Processing Standard SHA-1 algorithm, which has been in effect since it replaced SHA-0 in 1994, was also analyzed, and a weakened variant was broken, but the full SHA-1 function was not broken and no collisions were found in SHA-1. The results presented so far on SHA-1 do not call its security into question. However, due to advances in technology, NIST plans to phase out of SHA-1 in favor of the larger and stronger hash functions (SHA-224, SHA-256, SHA-384 and SHA-512) by 2010."

http://csrc.nist.gov/news-highlights/NIST-...SHA1-attack.pdf

http://csrc.nist.gov/hash_standards_comments.pdf

Between them Eli Biham, FariChen, Antoine Joux, XiaoyungWang, XuejiaLai, Dengguo Feng, and Hongbo Yu presented successful full collision attacks on MD4, MD5, HAVAL-128, HAVAL-160, RIPEND and SHA-0 at Crypto 2004.

Of these only MD5 is widely used in the US today

All these algorithms are broken now and should not be used to generate signatures.

Take this seriously:

Dont use MD5 or any of the broken hashes for signatures

SHA-1 not broken

Not much reason to expect it will be any time soon

NIST plans to phase out all 80-bit crypto by 2010

Moores Law & brute force threatens all 80-bit crypto after 2010

SHA-1 for signatures, 1024 RSA/DSA, 160-bit EC-DSA, Skipjack

HMAC SHA-1 is OK after 2010 because it depends on the one way property of SHA-1, not its collision resistance

FIPS 180-2 already in place with SHA-224, SHA-256, SHA-384 and SHA-512

http://csrc.nist.gov/pki/twg/y2004/Present...s/twg-04-14.pdf

There are five (5) FIPS-approved* algorithms for generating a condensed representation of a message (message digest): SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.

http://csrc.nist.gov/CryptoToolkit/Hash.html

This will have significant bearing on the computer forensics scene and the like.

Edited October 25, 2005 by b1t5tR3@m

[Celeri]

To use them you need the MD5Deep command line utility which can be found here

Thanks! Really useful!

Now I'm just curious. How hard would it be to program an SHA-1 algo with AutoIT3?

[FuryCell]

Thanks! Really useful!

Now I'm just curious. How hard would it be to program an SHA-1 algo with AutoIT3?

Thanks for the feedback.

About the SHA-1 coded with AutoIt I don't know how hard it would be but it should be possible now that AutoIt has binary support.

Edited October 27, 2005 by SolidSnake

[busysignal]

Thanks for the feedback.

About the SHA-1 coded with AutoIt I don't know how hard it would be but it should be possible now that AutoIt has binary support.

@SolidSnake, more great tools to add to AutoIt. I just have to rate this as a five-stars. Thanks for sharing.

Cheers..

[FuryCell]

@SolidSnake, more great tools to add to AutoIt. I just have to rate this as a five-stars. Thanks for sharing.

Cheers..

Thanks for the feedback.

Glad you like them.

Edited October 29, 2005 by SolidSnake

[Jeannot]

Hi SolidSnake,

first of all good job for file Hash.

I have a bug when I use RunAsSet function before any file hash function (access denied, see attached file)

#Include <FileHashMD5.au3>

RunAsSet("administrator", "domain", "password")

$X=_FileHashMD5(@ScriptFullPath)
MsgBox(0,"",$X)

PS : I'm an "advanced novice" in AutoIt, maybe it's normal, or not...

[FuryCell]

Updated. Tested with the new version of MD5Deep (V1.9) and stated in the headers that they are compitable with it.

Download from post above.

Edited November 12, 2005 by SolidSnake

[FuryCell]

Hi SolidSnake,

first of all good job for file Hash.

I have a bug when I use RunAsSet function before any file hash function (access denied, see attached file)

#Include <FileHashMD5.au3>

RunAsSet("administrator", "domain", "password")

$X=_FileHashMD5(@ScriptFullPath)
MsgBox(0,"",$X)

PS : I'm an "advanced novice" in AutoIt, maybe it's normal, or not...

Can't Test as I am not on a network but did you try having the script restart it self as the user you want to use?

P.S. Maybe someone on a network could try to figure out the problem.

Edited November 12, 2005 by SolidSnake

[pingpong24]

Please respond, your SHA1 code doesnt work with strings.

#Include <FileHashSHA1.au3>
dim $d
$d = "lets see if SHA1 really works hmm?"
MsgBox(0,"",$d)
$X=_FileHashSHA1($d)
MsgBox(0,"",$X)

[SmOke_N]

I may be wrong, but 'His' SHA1 code looks like it's intended for 'File' use, not individual string use.

[pingpong24]

i need a SHA1 hash for strings. is there any way of doing it besides coding SHA1 class.

[SmOke_N]

Without trying to to hijack this great thread, there's a MD5 hash for strings that MSLx Fanboy wrote... http://www.autoitscript.com/forum/index.ph...topic=18509&hl=

It's not SHA1 but may help you.

[pingpong24]

i have found SHA1 php class, i need convert that to AUTOIT, and it should work then.

i dont need MD5 or another i just need SHA1, as i am coding a autoit bittorrent client.

[SmOke_N]

i have found SHA1 php class, i need convert that to AUTOIT, and it should work then.

i dont need MD5 or another i just need SHA1, as i am coding a autoit bittorrent client.

I was trying to offer alternatives... Sounds like you'll be writing your own then. Look forward to seeing the outcome.

[MSLx Fanboy]

If you can find a VBScript (or javascript) for SHA1, use the link above in smoke_n's post, and just modify the function for your code. If you need help, PM me with the VBScript source, and I'll see what I can do to help

[FuryCell]

Sorry about the late reply. :"> but if IIRC the utilities i think there is a way to pass a string to SHA1Deep (or any other *Deep) through stdIn. I will try to look into it and maybe write _StringSHA1,etc.