
Broken SHA-1 Differences

Started by Barabajagal, May 14, 2007, 05:39 PM


Barabajagal

Ok, I'm trying to find out exactly what the differences are between Standard SHA-1 and Broken SHA-1, using examples from three languages. So far, I've found two things. First is the 0x40 byte null padding. Second is what appears to be byte trimming... by which I mean:
    for(i = 0x10; i < 0x50; i++)
    {
      dw = buf[i-0x10] ^ buf[i-0x8] ^ buf[i-0xE] ^ buf[i-0x3];
      buf[i] = (1 >>> (0x20 - (byte)dw)) | (1 << (byte) dw);
    }

The (byte)dw part. However, these two changes alone don't seem to make Standard SHA into Broken SHA. I've looked over copies of the function in C++, Java, and VB6, but I still seem to be missing things. Would someone please shed some light on this for me?

warz

#1
not sure what the problem is. what is 'broken sha1'? are you referring to the implementation that checkrevision uses, or are you referring to any sha1 implementation that has differences from the standard implementation? if so, which specific one? if you're talking about the implementation that checkrevision has in place, the code for it, in C++, has already been made public, and the differences are within sha1final.

Barabajagal

#2
I'm talking about the one used in CDKey/Password hashing. That's what Broken SHA-1 has always been...

See:
Java: http://forum.valhallalegends.com/index.php?topic=6999.0
VB: http://forum.valhallalegends.com/index.php?topic=8531.0

warz

Quote from: RεalityRipplε on May 14, 2007, 06:01 PM
I'm talking about the one used in CDKey/Password hashing. That's what Broken SHA-1 has always been...

so, there's a standard broken SHA1 implementation? i would think the term broken would mean any modified SHA1 implementation, considering the amount of people that probably wouldn't honor such a name is probably pretty high. the fact is, there's tons of SHA1 implementations out there, and using the term broken isn't very specific.

but, i don't know anything about the pre-lockdown hashing functions. so no help here, sorry. :(

l2k-Shadow

#4
Quote from: RεalityRipplε on May 14, 2007, 06:01 PM
I'm talking about the one used in CDKey/Password hashing. That's what Broken SHA-1 has always been...

get yourself source code to bncsutil

Barabajagal

Quote from: l2k-Shadow on May 14, 2007, 06:08 PM
Quote from: RεalityRipplε on May 14, 2007, 06:01 PM
I'm talking about the one used in CDKey/Password hashing. That's what Broken SHA-1 has always been...

get yourself source code to bncsutil

Already did that. I'm trying to find the differences, not get a copy of the code.

warz

#6
Quote from: RεalityRipplε on May 14, 2007, 06:09 PM
Already did that. I'm trying to find the differences, not get a copy of the code.

isn't that sort of ... what's the word? contradictory. :p

now, wouldn't comments help in this scenario, code poet? lol.

l2k-Shadow

so just compare the source for the regular hash with the codes you found, I don't understand your question.

Barabajagal

I've been comparing them for three days. All I've found is the null-char buffer to 64 bytes and the byte cutoff.

warz

Quote from: RεalityRipplε on May 14, 2007, 06:13 PM
I've been comparing them for three days. All I've found is the null-char buffer to 64 bytes and the byte cutoff.

three days? now, doesn't this topic, and the majority of your posts in this topic make for an interesting discussion?

Barabajagal

not really? I can read the code just fine. I'm beginning to think it's an endian issue.

warz

Quote from: RεalityRipplε on May 14, 2007, 06:18 PM
not really? I can read the code just fine. I'm beginning to think it's an endian issue.

oh, so by read, you've always meant that you can visually see the screen. i always thought by 'read the code' you meant understand what it's telling you. interesting.

Barabajagal

#12
*sigh* i don't know why I even bother.

I read the code just fine. I understand what it says just fine. If you read through a book looking for the word rendezvous without knowing how it's spelled or what chapter it's in, it takes a while, even if you're a god damn English major (though if you're an English major, wtf are you doing not knowing how to spell rendezvous).


Edit: I think I was making it overly complicated. It should instead be something like this...
    For I = 16 To 79
        T = W(I - &H10) Xor W(I - &H8) Xor W(I - &HE) Xor W(I - &H3)
        If Broken Then
            W(I) = RoL(1, T)
        Else
            W(I) = RoL(T, 1)
        End If
    Next I

Warrior

Quote from: betawarz on May 14, 2007, 06:10 PM
Quote from: RεalityRipplε on May 14, 2007, 06:09 PM
Already did that. I'm trying to find the differences, not get a copy of the code.

isn't that sort of ... what's the word? contradictory. :p

now, wouldn't comments help in this scenario, code poet? lol.

WARZ I LOVE YOU.

UserLoser

Quote
... in SHA-1, there are a number of bit rotate left ("ROL") operations. The Blizzard programmer responsible for implementing this apparently switched the two parameters in every call to ROL. That is, if there was a "#define ROL(a, b) (...)" macro, the programmer swapped the two arguments. This drastically reduces the security of Battle.net password hashes, as most of the data being hashed ends up being zero bits. Because of the problem of incompatibility with previously created accounts, this system is still in use today. ...
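
The argument swap described in the quote above, shown on the message-schedule step only, as an added example that is not code from this thread, from bncsutil or from Blizzard. The function names and the sample block (one non-zero word followed by zero words) are constructed for illustration, and the rotate count is assumed to be taken modulo 32, as Java's int shifts in the first post's snippet do.

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate left; the count is masked to 5 bits, as Java's int shifts do. */
static uint32_t rol(uint32_t value, uint32_t count)
{
    count &= 31;
    return count ? (value << count) | (value >> (32 - count)) : value;
}

/* Expand a block into the 80-word schedule. The sample block is
   constructed: word 0 = first_word, words 1..15 = 0 (null padding).
   broken == 0: W[i] = ROL(T, 1); broken != 0: W[i] = ROL(1, T). */
static void expand(uint32_t first_word, int broken, uint32_t w[80])
{
    w[0] = first_word;
    for (int i = 1; i < 16; i++)
        w[i] = 0;
    for (int i = 16; i < 80; i++) {
        uint32_t t = w[i - 16] ^ w[i - 14] ^ w[i - 8] ^ w[i - 3];
        w[i] = broken ? rol(1, t) : rol(t, 1);
    }
}

/* Return schedule word `index` for the constructed block. */
uint32_t schedule_word(uint32_t first_word, int broken, int index)
{
    uint32_t w[80];
    expand(first_word, broken, w);
    return w[index];
}

/* Count expanded words (16..79) that have exactly one bit set. */
int single_bit_words(uint32_t first_word, int broken)
{
    uint32_t w[80];
    int n = 0;
    expand(first_word, broken, w);
    for (int i = 16; i < 80; i++)
        n += (w[i] != 0 && (w[i] & (w[i] - 1)) == 0);
    return n;
}

int main(void)
{
    printf("W[16] standard=0x%08x broken=0x%08x\n",
           (unsigned)schedule_word(5, 0, 16), (unsigned)schedule_word(5, 1, 16));
    printf("single-bit words, broken: %d of 64\n", single_bit_words(5, 1));
    return 0;
}
```

With the arguments swapped, every expanded word equals 1 << (T & 31), so only the low 5 bits of T influence it; that is the "byte trimming" effect noted in the first post and the reason most schedule bits are zero.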