B4J Library [BANanoHashes] 4 Types 4 Algorithm Plus 1

Mashiane

Expert
Licensed User
Ola

Download

Things to note...

  • DO NOT USE MD5, SHA1 for your secure applications e.g. ditigal signatures
  • YOU CAN USE SHA-2 i.e. SHA256, SHA512
  • ANY HASH IS CRACKABLE, (EASIER FOR MD5 and SHA1) AND MORE HARDER IF IT HAS A "SALT"
  • THE MOST ADVANCED ENCRYPTION IS BCRYPT.

What is a CHF?

A cryptographic hash function (CHF) is a hash function that is suitable for use in cryptography. It is a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit string of a fixed size (the "hash value", "hash", or "message digest") and is a one-way function, that is, a function which is practically infeasible to invert.[1] Ideally, the only way to find a message that produces a given hash is to attempt a brute-force search of possible inputs to see if they produce a match, or use a rainbow table of matched hashes. Cryptographic hash functions are a basic tool of modern cryptography.[2]

The ideal cryptographic hash function has the following main properties:

  • it is deterministic, meaning that the same message always results in the same hash
  • it is quick to compute the hash value for any given message
  • it is infeasible to generate a message that yields a given hash value
  • it is infeasible to find two different messages with the same hash value
  • a small change to a message should change the hash value so extensively that the new hash value appears uncorrelated with the old hash value (avalanche effect) [3]
Cryptographic hash functions have many information-security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption. Indeed, in information-security contexts, cryptographic hash values are sometimes called (digital) fingerprints, checksums, or just hash values, even though all these terms stand for more general functions with rather different properties and purposes. (Wikipedia)​

I first started looking at hashing on this post, https://www.b4x.com/android/forum/threads/banano-getting-the-md5-hash-of-a-string.112108/#content.

As it stands the MD5 hashing is deprecated to due its risks associated with being crackable (brute force, hashtables etc).

The plus 1 on this thread is taking a look at bcrypt.

Let's add this to our BANano Project:

B4X:
BANano.Header.AddJavascriptFile("hashes.min.js")
    BANano.Header.AddJavascriptFile("bCrypt.js")
 
Last edited:

Mashiane

Expert
Licensed User
HEX Hashes

B4X:
Dim bHashes As BANanoHashes
    bHashes.initialize("This is a sample text!", "TheMash")
    Log("md5 - hex")
    Log(bHashes.Hash(bHashes.HASH_MD5, bHashes.ALG_HEX))
    Log("sha1 - hex")
    Log(bHashes.Hash(bHashes.HASH_SHA1, bHashes.ALG_HEX))
    Log("sha256 - hex")
    Log(bHashes.Hash(bHashes.HASH_SHA256, bHashes.ALG_HEX))
    Log("sha512 - hex")
    Log(bHashes.Hash(bHashes.HASH_SHA512, bHashes.ALG_HEX))
    Log("rmd160 - hex")
    Log(bHashes.Hash(bHashes.HASH_RMD160, bHashes.ALG_HEX))
OUTPUT

B4X:
md5 - hex
4247cc19330749b5ffedc1c36d8a48b1
sha1 - hex
a7594774ecf9f07a832780c9c0d974773e1cccd2
sha256 - hex
db76c1c598be93e2439e2af15b0cddae261757a2bacfd4ad2ff5fe06b96c1895
sha512 - hex
62e068d1c25e2afb8607f0d545b5bfabb3a8d73f8a88a2cdd82835b63b254d025eeba059565e2cd925b64045b2505e52fb2466c2ce5d961d1f5852273fca6666
rmd160 - hex
068c68a3d676ed556e300ebba5c5eb6c030f8603
 

Mashiane

Expert
Licensed User
B64 HASHES

B4X:
Log("md5 - b64")
    Log(bHashes.Hash(bHashes.HASH_MD5, bHashes.ALG_B64))
    Log("sha1 - b64")
    Log(bHashes.Hash(bHashes.HASH_SHA1, bHashes.ALG_B64))
    Log("sha256 - b64")
    Log(bHashes.Hash(bHashes.HASH_SHA256, bHashes.ALG_B64))
    Log("sha512 - b64")
    Log(bHashes.Hash(bHashes.HASH_SHA512, bHashes.ALG_B64))
    Log("rmd160 - b64")
    Log(bHashes.Hash(bHashes.HASH_RMD160, bHashes.ALG_B64))
OUTPUT

B4X:
md5 - b64
QkfMGTMHSbX/7cHDbYpIsQ==
sha1 - b64
p1lHdOz58HqDJ4DJwNl0dz4czNI=
sha256 - b64
23bBxZi+k+JDnirxWwzdriYXV6K6z9StL/X+BrlsGJU=
sha512 - b64
YuBo0cJeKvuGB/DVRbW/q7Oo1z+KiKLN2Cg1tjslTQJe66BZVl4s2SW2QEWyUF5S+yRmws5dlh0fWFInP8pmZg==
rmd160 - b64
Boxoo9Z27VVuMA67pcXrbAMPhgM=
 

Mashiane

Expert
Licensed User
HEX_HMAC

B4X:
Log("md5 - hex_hmac")
    Log(bHashes.Hash(bHashes.HASH_MD5, bHashes.ALG_HEX_HMAC))
    Log("sha1 - hex_hmac")
    Log(bHashes.Hash(bHashes.HASH_SHA1, bHashes.ALG_HEX_HMAC))
    Log("sha256 - hex_hmac")
    Log(bHashes.Hash(bHashes.HASH_SHA256, bHashes.ALG_HEX_HMAC))
    Log("sha512 - hex_hmac")
    Log(bHashes.Hash(bHashes.HASH_SHA512, bHashes.ALG_HEX_HMAC))
    Log("rmd160 - hex_hmac")
    Log(bHashes.Hash(bHashes.HASH_RMD160, bHashes.ALG_HEX_HMAC))
OUTPUT

B4X:
md5 - hex_hmac
204cc409d11f03c0ac3042329fbeda9e
sha1 - hex_hmac
4d3af35c815ad26f621bbf55512bd491b4d1d80b
sha256 - hex_hmac
93d98054d8329d53c2988027d9d1beb72ca3c0180400256036542e6d1e8b755a
sha512 - hex_hmac
d5f0611429725d294f5d5032f8d88c3d0b109dcaf67184943075cd6aed16fff4b7ee9fd24e6bf58584fbd4171706a64e8c7c6e4fdf34585b5fdaeef8d828b470
rmd160 - hex_hmac
9d1e3ffc73b14b23b73903713e2bec8213e19d85
 

Mashiane

Expert
Licensed User
B64_HMAC

B4X:
Log("md5 - b64_hmac")
    Log(bHashes.Hash(bHashes.HASH_MD5, bHashes.ALG_b64_HMAC))
    Log("sha1 - b64_hmac")
    Log(bHashes.Hash(bHashes.HASH_SHA1, bHashes.ALG_b64_HMAC))
    Log("sha256 - b64_hmac")
    Log(bHashes.Hash(bHashes.HASH_SHA256, bHashes.ALG_b64_HMAC))
    Log("sha512 - b64_hmac")
    Log(bHashes.Hash(bHashes.HASH_SHA512, bHashes.ALG_b64_HMAC))
    Log("rmd160 - b64_hmac")
    Log(bHashes.Hash(bHashes.HASH_RMD160, bHashes.ALG_b64_HMAC))
OUTPUT

B4X:
md5 - b64_hmac
IEzECdEfA8CsMEIyn77ang==
sha1 - b64_hmac
TTrzXIFa0m9iG79VUSvUkbTR2As=
sha256 - b64_hmac
k9mAVNgynVPCmIAn2dG+tyyjwBgEACVgNlQubR6LdVo=
sha512 - b64_hmac
1fBhFClyXSlPXVAy+NiMPQsQncr2cYSUMHXNau0W//S37p/STmv1hYT71BcXBqZOjHxuT980WFtf2u742Ci0cA==
rmd160 - b64_hmac
nR4//HOxSyO3OQNxPivsghPhnYU=
 

Mashiane

Expert
Licensed User
BCRYPT

You first generate a salt and then encrypt the input. A salt is always random and the more rounds the more harder to crack the hash.

B4X:
Log("bcrypt")
    'generate the salt
    Dim salt As String = bHashes.GenerateSalt(5)
    Log("salt: " & salt)
    bHashes.Hash1(salt, Me, "OfBcrypt")
B4X:
Sub OfBcrypt(hashed As String)
    Log(hashed)
End Sub

OUTPUT

B4X:
bcrypt
salt: $2a$05$zDW5l5rJDsETp9fTqTPbX.
$2a$05$zDW5l5rJDsETp9fTqTPbX.C5KdjbcAJv97dDvgbRrRA1/q6FFWO5a
 

Mashiane

Expert
Licensed User
BCRYPT - Verifying hashes.

Whilst BCRYPT will generate different hashes everytime, you can verify the accuracy of a hash to the original input you passed by using the generated hash. We use the same hash generated above to verify if all is true. For verification, the salt is not needed.

B4X:
'verify a hash
    Log("verify")
    bHashes.Verify("$2a$05$zDW5l5rJDsETp9fTqTPbX.C5KdjbcAJv97dDvgbRrRA1/q6FFWO5a", Me, "OnVerify")
B4X:
Sub OnVerify(res As String)
    Log(res)
End Sub
This will return true

That's it folks!
 
Top