Can you check my hash algorithm?

Posted: Fri Apr 05, 2013 9:40 am
by barneystinson19
Hi! I made a new hash algorithm. Can you check it for collisions and vulnerabilities please?
Thanks! :D
Some hash values:
abc => 0HZ|~Xi\|^YNvoHk
abcd => 2f`C|xizUCUwiSRM
aba => 9jx`x\ERbJEmjEaU
baa => 6nHPlxkjxXAMRIMM
aab => 1jLdvvyPpVIinSMK
0123456789 => 9Xx^PcudsU{guwPE

VB.NET
Public Function EncryptionforHash(ByVal str As String)
        Dim result = ""
        Dim sum = 0
        Dim islem = 0
        Dim asci = 0
        For Each harf In str
            asci = Asc(harf)
            sum += asci
            islem = ((asci + 48) Xor (sum * 2)) Mod 126
            If islem < 64 Then
                islem += 64
            End If
            result += Chr(islem)
        Next
        Return result
    End Function
   
    Public Function _Fix(ByVal input As String, ByVal length As Integer)
        Dim sum = input.Length
        If input.Length < length Then
            While input.Length < length
                sum = sum Xor sum * 2
                input = input.PadRight(input.Length + 1, sum.ToString)
            End While
        ElseIf input.Length > length Then
            While input.Length > length
                Dim islem = (Asc(input.Substring(0, 1)) Xor Asc(input.Substring(1, 1))) Mod 126

                input = input.Replace(input.Substring(0, 1) + input.Substring(1, 1), islem)
            End While
        End If
        Return input
    End Function
   
    Public Function Hashing(ByVal input As String)
        input = _Fix(input, 32)
        Dim enc = EncryptionforHash(input)
        Dim output = ""
        For Each karakter As Char In enc
            output += EncryptionforHash(EncryptionforHash(karakter) + EncryptionforHash(Asc(karakter)))
        Next
        output = EncryptionforHash(output)
        output = _Fix(output, 16)
        Return output
    End Function


C# (converted online)
public object EncryptionforHash(string str)
{
   dynamic result = "";
   dynamic sum = 0;
   dynamic islem = 0;
   dynamic asci = 0;
   foreach (object harf_loopVariable in str) {
      harf = harf_loopVariable;
      asci = Strings.Asc(harf);
      sum += asci;
      islem = ((asci + 48) ^ (sum * 2)) % 126;
      if (islem < 64) {
         islem += 64;
      }
      result += Strings.Chr(islem);
   }
   return result;
}

public object _Fix(string input, int length)
{
   dynamic sum = input.Length;
   if (input.Length < length) {
      while (input.Length < length) {
         sum = sum ^ sum * 2;
         input = input.PadRight(input.Length + 1, sum.ToString());
      }
   } else if (input.Length > length) {
      while (input.Length > length) {
         dynamic islem = (Strings.Asc(input.Substring(0, 1)) ^ Strings.Asc(input.Substring(1, 1))) % 126;

         input = input.Replace(input.Substring(0, 1) + input.Substring(1, 1), islem);
      }
   }
   return input;
}

public object Hashing(string input)
{
   input = _Fix(input, 32);
   dynamic enc = EncryptionforHash(input);
   dynamic output = "";
   foreach (char karakter in enc) {
      output += EncryptionforHash(EncryptionforHash(karakter) + EncryptionforHash(Strings.Asc(karakter)));
   }
   output = EncryptionforHash(output);
   output = _Fix(output, 16);
   return output;
}

Re: Can you check my hash algorithm?

Posted: Fri Apr 05, 2013 8:24 pm
by WallShadow
Please post some example hashes for strings so that we can observe valid output from the command. I'm going to try and redo the code in Java or something else because VB.net and C# just aren't my cup of tea. Please post some generic examples such as:

""
"a"
"abc"
"123"
"abcdefghijklmnopqrstuvwxyz1234567890"



I'm gonna try working on it tomorrow morning.

edit:

barney, the C# code isn't C# code, it's also the same exact code as you posted for the VB. please fix it or remove it.

Re: Can you check my hash algorithm?

Posted: Sat Apr 06, 2013 1:17 pm
by barneystinson19
Sorry for the mistake, I put the wrong code :D :roll: I changed the C# code :?

Re: Can you check my hash algorithm?

Posted: Sat Apr 06, 2013 8:10 pm
by WallShadow
barney, please don't use online converters, they don't work for shit. I tried the C# code; even with heavy modifications, I can't get it to compile properly. Also, please post pseudo-code in the future, it's much easier to port it when it's universally readable.

Re: Can you check my hash algorithm?

Posted: Mon Apr 15, 2013 9:19 am
by sordidarchetype
barneystinson19 wrote: Hi! I made a new hash algorithm. Can you check it for collisions and vulnerabilities please?
Thanks! :D


Honestly, without a deep understanding of the math behind it, I wouldn't recommend trying to take on a task like this. You are bound to open yourself up to some serious security vulnerabilities.

That being said, a quick look at your code shows that you are constraining the input to 32 characters (already that opens you up to collisions) and then you process your plain and further constrain the output to 16 characters (applying further collision domains).

I don't think there's much of a need to even try to compile this. The implementation is flawed, and all of your operations seem very GPU-friendly, so collisions aside it would be very trivial to write a brute-forcer for this that would work at blazing speeds.

Honestly, MD5 is stronger than what you have presented here.

If you are just concerned about having a secure hashing method against attacks, I would recommend bcrypt using a high number of iterative rounds (say 10).

Re: Can you check my hash algorithm?

Posted: Mon Apr 15, 2013 10:53 pm
by Sc00bz
Collision:
0000000000000000000000000000000J -> 0hRwnj@ErpsyjrXJ
0000000000000000000000000000000T -> 0hRwnj@ErpsyjrXJ

Also, the security is very weak: in most cases _Fix(output, 16) returns the last 15 characters of output with the first character being the Xor of all previous characters. The last 15 characters of output before _Fix is called only depend on the last four or five characters of the password along with two sums that are modulus 63.

Another problem is this can return binary data with byte values in the range 0 to 127, but this is rare.

Just remember the first rule about cryptography: DON'T MAKE YOUR OWN, and the second rule is DON'T IMPLEMENT ON YOUR OWN.
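
Added example (not part of the original thread): a Python port of only the EncryptionforHash step from the first post, assuming ASCII input so that Asc is ord, run on the two inputs Sc00bz posted. Both inputs are already 32 characters, so _Fix(input, 32) returns them unchanged, and identical first-pass output means every later step of Hashing sees the same data. The names first_pass_collides and last_char_groups are helpers introduced here.

```python
# Constructed alphabet: the 95 printable ASCII characters (space through '~').
PRINTABLE = "".join(chr(c) for c in range(32, 127))

# The two colliding inputs quoted in Sc00bz's post.
SC00BZ_A = "0" * 31 + "J"
SC00BZ_B = "0" * 31 + "T"


def encryption_for_hash(s: str) -> str:
    """Port of the thread's EncryptionforHash (ASCII input assumed)."""
    out, total = [], 0
    for ch in s:
        asci = ord(ch)
        total += asci                      # running sum of character codes
        islem = ((asci + 48) ^ (total * 2)) % 126
        if islem < 64:
            islem += 64                    # fold 0..63 onto 64..127
        out.append(chr(islem))
    return "".join(out)


def first_pass_collides(a: str, b: str) -> bool:
    """True when two distinct 32-char inputs are equal after the first pass."""
    if a == b or len(a) != 32 or len(b) != 32:
        raise ValueError("need two distinct 32-character inputs")
    return encryption_for_hash(a) == encryption_for_hash(b)


def last_char_groups(prefix: str, alphabet: str = PRINTABLE) -> dict:
    """Group final input characters by the final output character they yield.

    Only groups with more than one member are returned; every such group is
    a set of inputs that this step cannot tell apart for the given prefix.
    """
    groups = {}
    for ch in alphabet:
        last = encryption_for_hash(prefix + ch)[-1]
        groups.setdefault(last, []).append(ch)
    return {out: chars for out, chars in groups.items() if len(chars) > 1}


if __name__ == "__main__":
    print("first pass equal:", first_pass_collides(SC00BZ_A, SC00BZ_B))
    # 95 possible last characters map onto at most 64 output values,
    # so some of them must share an output (pigeonhole).
    for out, chars in sorted(last_char_groups("0" * 31).items()):
        print(repr(out), "<-", "".join(chars))
```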