SHA256 (without mhash)

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

SHA256 (without mhash)

Post by Maugrim_The_Reaper »

I've google'd, searched mailing lists, pushed other developers into apoplexy - but still no clue...

Now chances are it doesn't exist - in which case it's time to hit the editor and do it myself.

I'm looking for a php implementation of SHA256 (for hashing). Yes, I know about mhash, but this is aimed at being mhash independent. If anyone's seen it done somewhere let me know - any further locations to continue the quest suggest away.

Thanks people...
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

if you can find source for it, we may be able to help port it to php.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

C: http://www.adg.us/computers/sha.html
JS: http://www.mad-teaparty.com/Chrstph/sha256.html

But alas no PHP...:(

I've added a php implementation to my todo list - might get around to it during the week.
User avatar
Joe
Forum Regular
Posts: 939
Joined: Sun Feb 29, 2004 1:26 pm
Location: UK - Glasgow

Post by Joe »

If you are able to execute external programs on your server you could edit and compile the C application and pass parameters which return an output string (With PHP of course). I have seen such functionality within the Cybersource payment processor.
User avatar
smpdawg
Forum Contributor
Posts: 292
Joined: Thu Jan 27, 2005 3:10 pm
Location: Houston, TX
Contact:

Post by smpdawg »

I have no idea if this will help you but there is a reference to SHA256 in the source here when you browse the source repository.

http://pear.php.net/package/Message

And this just javascript implementation looks like it would be easy to convert to PHP.

http://opensource.hld.ca/trac.cgi/file/ ... js?rev=190
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

my sad attempt at converting the first JS implementation has so far not gone great.. I've been fiddling with it off and on all day.. I'll fiddle with #2 now.. and see..
User avatar
smpdawg
Forum Contributor
Posts: 292
Joined: Thu Jan 27, 2005 3:10 pm
Location: Houston, TX
Contact:

Post by smpdawg »

What kind of problem are you having? How about posting the code that you have ported? Maybe we can make it work.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I've decided to implement my own version of the specification.. as trying to port over the Javascript or C versions linked to thus far have proven really time consuming and a pain to troubleshoot/debug to find the points of issue.. I'll post my implementation when I finish hopefully in a day or two.. (with tests) .. it uses some static classes and OOP (PHP4 though) .. will see about making a PHP5 version if needed.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

source has been posted:

viewtopic.php?t=31069
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

Thats truly amazing work guys. Thanks a million for that.

Does anyone know what the license is on the javascript implementation? I cant seem to find a license reference in their cvs tree, and I just wanna be sure.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

the first linked to appears to be public domain.. the second, no idea. I would imagine it is open source, since the site appears to be an open source repository of sorts.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

This is great work feyd - I'm glad I made that initial post :)
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

In case no one noticed, I've posted a new version with a PHP internal integer truncation fix for certain machines that were producing errors. Have fun.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

just for those that don't look at the code snippets board regularly:

I've updated the class (available here) to version 1.1.0. Added features are hashing of files and URLs. Speed apparently is up too. Go check it out.
Post Reply