Can you check my hash algorithm?

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

Can you check my hash algorithm?

Post by barneystinson19 on Fri Apr 05, 2013 9:40 am
([msg=74928]see Can you check my hash algorithm?[/msg])

Hi! I made a new hash algorithm can you check it for collisions and vulnerabilitys please?
Thanks! :D
Some hash values:
abc => 0HZ|~Xi\|^YNvoHk
abcd => 2f`C|xizUCUwiSRM
aba => 9jx`x\ERbJEmjEaU
baa => 6nHPlxkjxXAMRIMM
aab => 1jLdvvyPpVIinSMK
0123456789 => 9Xx^PcudsU{guwPE

Vb.net
Code: Select all
Public Function EncryptionforHash(ByVal str As String)
        Dim result = ""
        Dim sum = 0
        Dim islem = 0
        Dim asci = 0
        For Each harf In str
            asci = Asc(harf)
            sum += asci
            islem = ((asci + 48) Xor (sum * 2)) Mod 126
            If islem < 64 Then
                islem += 64
            End If
            result += Chr(islem)
        Next
        Return result
    End Function
   
    Public Function _Fix(ByVal input As String, ByVal length As Integer)
        Dim sum = input.Length
        If input.Length < length Then
            While input.Length < length
                sum = sum Xor sum * 2
                input = input.PadRight(input.Length + 1, sum.ToString)
            End While
        ElseIf input.Length > length Then
            While input.Length > length
                Dim islem = (Asc(input.Substring(0, 1)) Xor Asc(input.Substring(1, 1))) Mod 126

                input = input.Replace(input.Substring(0, 1) + input.Substring(1, 1), islem)
            End While
        End If
        Return input
    End Function
   
    Public Function Hashing(ByVal input As String)
        input = _Fix(input, 32)
        Dim enc = EncryptionforHash(input)
        Dim output = ""
        For Each karakter As Char In enc
            output += EncryptionforHash(EncryptionforHash(karakter) + EncryptionforHash(Asc(karakter)))
        Next
        output = EncryptionforHash(output)
        output = _Fix(output, 16)
        Return output
    End Function


C# (converted online)
Code: Select all
public object EncryptionforHash(string str)
{
   dynamic result = "";
   dynamic sum = 0;
   dynamic islem = 0;
   dynamic asci = 0;
   foreach (object harf_loopVariable in str) {
      harf = harf_loopVariable;
      asci = Strings.Asc(harf);
      sum += asci;
      islem = ((asci + 48) ^ (sum * 2)) % 126;
      if (islem < 64) {
         islem += 64;
      }
      result += Strings.Chr(islem);
   }
   return result;
}

public object _Fix(string input, int length)
{
   dynamic sum = input.Length;
   if (input.Length < length) {
      while (input.Length < length) {
         sum = sum ^ sum * 2;
         input = input.PadRight(input.Length + 1, sum.ToString());
      }
   } else if (input.Length > length) {
      while (input.Length > length) {
         dynamic islem = (Strings.Asc(input.Substring(0, 1)) ^ Strings.Asc(input.Substring(1, 1))) % 126;

         input = input.Replace(input.Substring(0, 1) + input.Substring(1, 1), islem);
      }
   }
   return input;
}

public object Hashing(string input)
{
   input = _Fix(input, 32);
   dynamic enc = EncryptionforHash(input);
   dynamic output = "";
   foreach (char karakter in enc) {
      output += EncryptionforHash(EncryptionforHash(karakter) + EncryptionforHash(Strings.Asc(karakter)));
   }
   output = EncryptionforHash(output);
   output = _Fix(output, 16);
   return output;
}
Last edited by barneystinson19 on Sat Apr 06, 2013 1:20 pm, edited 2 times in total.
"Ömür dediğin üç gündür, dün geldi geçti yarın meçhuldür…O halde ömür dediğin bir gündür,o da bugündür…."
User avatar
barneystinson19
Experienced User
Experienced User
 
Posts: 50
Joined: Fri Nov 02, 2012 3:49 pm
Blog: View Blog (0)


Re: Can you check my hash algorithm?

Post by WallShadow on Fri Apr 05, 2013 8:24 pm
([msg=74935]see Re: Can you check my hash algorithm?[/msg])

please post some example hashes for strings so that we can observe valid output from the command. I'm going to try and redo the code in java or something else because VB.net and C# just aren't my cup of tea. please post some generic examples such as:

""
"a"
"abc"
"123"
"abcdefghijklmnopqrstuvwxyz1234567890"



im gonna try working on it tomorrow morning.

edit:

barney, the C# code isn't C# code, it's also the same exact code as you posted for the VB. please fix it or remove it.
User avatar
WallShadow
Contributor
Contributor
 
Posts: 625
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: Can you check my hash algorithm?

Post by barneystinson19 on Sat Apr 06, 2013 1:17 pm
([msg=74958]see Re: Can you check my hash algorithm?[/msg])

Sorry for mistake I put the wrong code :D :roll: I changed the c# code :?
User avatar
barneystinson19
Experienced User
Experienced User
 
Posts: 50
Joined: Fri Nov 02, 2012 3:49 pm
Blog: View Blog (0)


Re: Can you check my hash algorithm?

Post by WallShadow on Sat Apr 06, 2013 8:10 pm
([msg=74974]see Re: Can you check my hash algorithm?[/msg])

barney, please don't use online converters, they don't work for shit. I tried the C# code, even with heavy modifications, i can't get it to compile properly. also, please post psuedo-code in the future, it's much easier to port it when it's universally readable.
User avatar
WallShadow
Contributor
Contributor
 
Posts: 625
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: Can you check my hash algorithm?

Post by sordidarchetype on Mon Apr 15, 2013 9:19 am
([msg=75129]see Re: Can you check my hash algorithm?[/msg])

barneystinson19 wrote:Hi! I made a new hash algorithm can you check it for collisions and vulnerabilitys please?
Thanks! :D


Honestly, without a deep understanding of the math behind it, I wouldn't recommend trying to take on a task like this. You are bound to open yourself up to some serious security vulnerabilities.

That being said, a quick look at your code shows that you are constraining the input to 32 characters (already that opens you up to collisions) and then you process your plain and further constrain the output to 16 characters (applying further collision domains).

I don't think there's much of a need to even try to compile this. The implementation is flawed, and all of your operations seem very GPU-friendly, so collisions aside it would be very trivial to write a brute-forcer for this that would work at blazing speeds.

Honestly, MD5 is stronger than what you have presented here.

If you are just concerned about having a secure hashing method against attacks, I would recommend bcrypt using a high number of iterative rounds (say 10).
User avatar
sordidarchetype
New User
New User
 
Posts: 47
Joined: Wed Dec 22, 2010 12:46 pm
Blog: View Blog (0)


Re: Can you check my hash algorithm?

Post by Sc00bz on Mon Apr 15, 2013 10:53 pm
([msg=75137]see Re: Can you check my hash algorithm?[/msg])

Collision:
0000000000000000000000000000000J -> 0hRwnj@ErpsyjrXJ
0000000000000000000000000000000T -> 0hRwnj@ErpsyjrXJ

Also the security is very weak in most cases _Fix(output, 16) returns the last 15 characters of output with the first character being the Xor of all previous characters. The last 15 characters of output before _Fix is called only depend on the last four or five characters of the password along with two sums that are modulus 63.

Another problem is this can return binary data with byte values in the range 0 to 127, but this is rare.

Just remember the first rule about cryptography DON'T MAKE YOUR OWN and the second rule is DON'T IMPLEMENT ON YOUR OWN.
Sc00bz
New User
New User
 
Posts: 3
Joined: Mon Apr 15, 2013 10:23 pm
Blog: View Blog (0)



Return to Crypto

Who is online

Users browsing this forum: No registered users and 0 guests