Author Topic: [C++] Another Hashing Method. Ugh, I know.  (Read 8157 times)

0 Members and 1 Guest are viewing this topic.

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
[C++] Another Hashing Method. Ugh, I know.
« on: November 03, 2005, 06:29:55 pm »
Code: [Select]
/*
 * This
 * is
 * an
 * incredibly
 * ambiguous
 * comment
 */

/*
 * C++ Hashing Method
 * Author: Joe LaFrance
 */

#include <iostream>
using namespace std;

unsigned long hashdata(string);

int main(int argc, char *argv[]) {
  if(argc == 1) {
    cout << "Error: No data to be hashed." << endl;
  } else {
    string toHash;
    for(int i = 0; i < argc - 1; i++) {
      toHash = toHash + argv[i+1] + " ";
    }
    cout << hex << "0x" << hashdata(toHash) << endl;
  }
  return EXIT_SUCCESS;
}

unsigned long hashdata(string passed) {
  unsigned long ret = 0x12345678;
  string hashcode = "\x56\x24";
  for(int i = 1; i < passed.size(); i++) {
    ret = ret * passed[i];
    ret = ret * passed[i-1];
    ret = ret ^ hashcode[i % 2];
  }
  ret = ret * (passed.size() ^ hashcode[0]);
  ret = ret ^ hashcode[1];
  return ret;
}

Problems:
- Hashcodes aren't very diverse. Change them if you feel the need.
- There's an incredibly ambiguous comment and I can't quite figure it out.
- It's not xor'd the last time. More specificially, its xored by 00000000b, because anything * 0 = 0, and the i+1 = NULL.
- It passes an extra 0x20 to the end of the string. You'll live.
- Incredibly unrandom.

Another thing, where does this go now? General programming? Network security (here)? General security? Trash can (<3 newby)?

Anyone see any security vulnerabilities?

PS: If anyone cares (I know you don't, but still) why I used a long, its so this could easily be cast to a DWORD and sent over a network. =)

EDIT -
Bugfix: Fixed a last second modification (which killed it) where I passed both a variable and a const char[2] to the + operator. Ugh, VB allows it. =)
Added: Outputs in hex.

EDIT -
joe@JoeMomma:~/dev/cpp/hash $ ./hash.o SMILE FOR THE POST.
0xb7e360fc

EDIT -
I found a SERIOUS security exploit in this. The data to be hashed isn't passed. It's always the same. Damn C++.
Warrior's methods of passing arrays suck. =p
« Last Edit: November 03, 2005, 07:12:58 pm by Joe[e2] »
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #1 on: November 03, 2005, 08:15:17 pm »
Uhh.... isn't hashed data supposed to be unreturnable?
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #2 on: November 03, 2005, 08:20:18 pm »
Some problems:
- Newlines, tabs, spaces, and any other whitespace will hash the same. That can introduce collisions.
- Multiple spaces beside each other won't affect it.  So that's another way to introduct a collision. 
- Your ending data is only 4 bytes, so it's extremely easy to bruteforce the entire keyspace.  232 possibilities, at say 15000 tries/second (not unrealistic, especially with such a simple algorithm), means you can force a collision in about 3 days.  That makes it useless for verification. 
- It's being xor'd by predictable values, so the xor'ing is completely useless.
- If it's a short string (so it doesn't overflow), you could probably get the original string back by finding out which letter evenly divides into the resulting number.  You could easily work backwards like that. 
- The last characters in the string have more effect than the first characters.
- NULL characters or \x01 characters won't hash properly, so ths is pretty useless for hashing binary data. 

Why do you try to invent your own hashing/encryption algorithms, anyway?  You realize that the current ones used were derived by mathematical geniuses, and tested for a significant amount of time with every known attack before becoming a standard?  I'm pretty sure you don't know a lot about math, or about cryptographic theory, so there really isn't a point in trying to invent your own.  Why don't you find the outline of the SHA1 or MD5 (or even MD2) standard and try to implement that on your own?  One of our assignments in school was to implement MD2.

Oh, and by the way, .o is for object files, not for the final output.  If you really feel like you need an extension, use .bin or .out. But you shouldn't need an extnesion at all. 

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #3 on: November 03, 2005, 09:11:33 pm »
Warrior's methods of passing arrays suck. =p

You suck at implementing it.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #4 on: November 03, 2005, 09:14:43 pm »
Maybe it's a little of both! :P

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #5 on: November 03, 2005, 11:16:44 pm »
Or maybe he sucks at implementing it.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #6 on: November 03, 2005, 11:19:46 pm »
Or maybe he sucks at implementing it.
I doubt it! :)

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #7 on: November 03, 2005, 11:30:18 pm »
It's Joe.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #8 on: November 03, 2005, 11:55:52 pm »
Arrays should never be passed as parameters.  Pointers to arrays can be, but actual arrays shouldn't be.

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #9 on: November 04, 2005, 12:26:17 am »
Don't look at me. I didn't suggest that.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #10 on: November 04, 2005, 12:34:49 am »
But you implied that!

Buahaha, I love being a bastard.

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #11 on: November 04, 2005, 12:49:57 am »
You're misinterpretation, not my fault.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #12 on: November 04, 2005, 12:51:03 am »
You're misinterpretation, not my fault.
Your **!

It was a joke anyway, silly goose.  ^_^

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #13 on: November 04, 2005, 01:05:21 am »
's what I get for typing when I am tired. Speaking of tired, going to bed.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline RoMi

  • x86
  • Hero Member
  • *****
  • Posts: 502
  • gg no re
    • View Profile
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #14 on: November 04, 2005, 06:13:41 am »
iago what grade would you give joe's code?
-RoMi

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #15 on: November 04, 2005, 07:58:32 am »
The only reason I try to create methods of my own are just for the experience. I learned quite a few things by doing this (about C++).
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #16 on: November 04, 2005, 08:41:21 am »
I just noticed, in a string with a length divisible by 4, the xor'ing will cancel itself out. 

Sidoh -- It depends on what the assignment was.  I usually mark the code itself, which would do well (except for the fact that he's using a string where a char[] would do :)).  The actual algorithm is rather flawed. 

And Joe -- there's better ways to learn, but as long as you're having fun, oh well :)

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #17 on: November 04, 2005, 05:12:22 pm »
A little laugh for you all, Warrior had me looping through argv using WHILE, so I didn't know the UBound. I just waited for it to be null.

Code: [Select]
string toHash;
int i = 1;
while(argv[i] != NULL) {
  toHash =+ argv[i];
}

When argc holds the UBound.

Code: [Select]
char ignorantProgramming[] = "Lots of headache\x0";
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #18 on: November 04, 2005, 05:33:06 pm »
That was of course assuming you had tried the previous (more practical) methods and failed.

Also nice job not incrementing 'i', retard.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #19 on: November 04, 2005, 05:51:35 pm »
A little laugh for you all, Warrior had me looping through argv using WHILE, so I didn't know the UBound. I just waited for it to be null.

Code: [Select]
string toHash;
int i = 1;
while(argv[i] != NULL) {
  toHash =+ argv[i];
}

When argc holds the UBound.

Code: [Select]
char ignorantProgramming[] = "Lots of headache\x0";

You don't need a \x0 at the end of a string.  " and " imply that the string ends with a \0.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [C++] Another Hashing Method. Ugh, I know.
« Reply #20 on: November 04, 2005, 10:09:36 pm »
RoMi asked that, not me.  Silly.  :P