Text only | Text with Images

Valhalla Legends Archive

Programming => General Programming => Topic started by: warz on November 05, 2006, 08:12 PM

Title: SHA1 Question
Post by: warz on November 05, 2006, 08:12 PM
I've been reading up on SHA1, in order to better understand what CheckRevision is doing, and I see that it's taking one parameter from the stack - pointer to the data to be sha1'd. Does SHA1 only take one parameter, and create the 160-bit digest simply based on that alone? Or, is there other factors that can influence the output of this? It looks like lockdown is incrementing a second argument, the value returned from storm.350, while it loops around the SHA1 function, as well as inside of the SHA1 function. It SHA1'd the data three times.
Title: Re: SHA1 Question
Post by: Joe[x86] on November 05, 2006, 09:31 PM
If I understand correctly, it's like MD5. It hashes the data, and that's it. If you wanted to hash it with a "key" or "seed", it'd be perfectly legit to append or preappend that directly onto the data, though.

EDIT -
I don't know what storm.350 does, but I bet it's a seed of some sort, or makes a seed from the server/client tokens or something. But then again if CheckRevision()'s signature didn't change then you couldn't be passing the tokens to it in the first place..
Title: Re: SHA1 Question
Post by: warz on November 05, 2006, 09:51 PM
Well, after looking at an actual sha1 implementation in C, it looks like the value returned from storm.350, or from within storm.350, is one of the parameters for SHA1Transform.
Title: Re: SHA1 Question
Post by: Ersan on November 09, 2006, 06:30 PM
Quote from: Joex86] link=topic=15988.msg160853#msg160853 date=1162783911]If I understand correctly, it's like MD5. It hashes the data, and that's it. If you wanted to hash it with a "key" or "seed", it'd be perfectly legit to append or preappend that directly onto the data, though.

This is called salting, and it's very likely that this is what it's doing.
salt = seed
Try:
SHA1 ( salt + value )
or
SHA1 ( value + salt )
or
SHA1 ( salt + value + salt )

Most common usage.
Title: Re: SHA1 Question
Post by: UserLoser on November 09, 2006, 06:41 PM
Quote from: warz on November 05, 2006, 09:51 PM
Well, after looking at an actual sha1 implementation in C, it looks like the value returned from storm.350, or from within storm.350, is one of the parameters for SHA1Transform.

You don't have to worry about SHA1Transform, only SHA1Init (no brainer), SHA1Update and SHA1Final.  SHA1Update calls SHA1Transform for you
Title: Re: SHA1 Question
Post by: warz on November 09, 2006, 08:28 PM
Yes. Also, it doesn't appear to be using a salt.
Text only | Text with Images