
### Can you check my hash algorithm?

Posted: Fri Apr 05, 2013 9:40 am
Hi! I made a new hash algorithm, can you check it for collisions and vulnerabilities please?
Thanks!
Some hash values:
abc => 0HZ|~Xi\|^YNvoHk
abcd => 2f`C|xizUCUwiSRM
aba => 9jx`x\ERbJEmjEaU
baa => 6nHPlxkjxXAMRIMM
aab => 1jLdvvyPpVIinSMK
0123456789 => 9Xx^PcudsU{guwPE

Vb.net
```vbnet
Public Function EncryptionforHash(ByVal str As String)
    Dim result = ""
    Dim sum = 0
    Dim islem = 0
    Dim asci = 0
    For Each harf In str
        asci = Asc(harf)
        sum += asci
        islem = ((asci + 48) Xor (sum * 2)) Mod 126
        If islem < 64 Then
            islem += 64
        End If
        result += Chr(islem)
    Next
    Return result
End Function

Public Function _Fix(ByVal input As String, ByVal length As Integer)
    Dim sum = input.Length
    If input.Length < length Then
        While input.Length < length
            sum = sum Xor sum * 2
            input = input.PadRight(input.Length + 1, sum.ToString)
        End While
    ElseIf input.Length > length Then
        While input.Length > length
            Dim islem = (Asc(input.Substring(0, 1)) Xor Asc(input.Substring(1, 1))) Mod 126
            input = input.Replace(input.Substring(0, 1) + input.Substring(1, 1), islem)
        End While
    End If
    Return input
End Function

Public Function Hashing(ByVal input As String)
    input = _Fix(input, 32)
    Dim enc = EncryptionforHash(input)
    Dim output = ""
    For Each karakter As Char In enc
        output += EncryptionforHash(EncryptionforHash(karakter) + EncryptionforHash(Asc(karakter)))
    Next
    output = EncryptionforHash(output)
    output = _Fix(output, 16)
    Return output
End Function
```

C# (converted online)
```csharp
public object EncryptionforHash(string str)
{
   dynamic result = "";
   dynamic sum = 0;
   dynamic islem = 0;
   dynamic asci = 0;
   foreach (object harf_loopVariable in str) {
      harf = harf_loopVariable;
      asci = Strings.Asc(harf);
      sum += asci;
      islem = ((asci + 48) ^ (sum * 2)) % 126;
      if (islem < 64) {
         islem += 64;
      }
      result += Strings.Chr(islem);
   }
   return result;
}

public object _Fix(string input, int length)
{
   dynamic sum = input.Length;
   if (input.Length < length) {
      while (input.Length < length) {
         sum = sum ^ sum * 2;
         input = input.PadRight(input.Length + 1, sum.ToString());
      }
   } else if (input.Length > length) {
      while (input.Length > length) {
         dynamic islem = (Strings.Asc(input.Substring(0, 1)) ^ Strings.Asc(input.Substring(1, 1))) % 126;
         input = input.Replace(input.Substring(0, 1) + input.Substring(1, 1), islem);
      }
   }
   return input;
}

public object Hashing(string input)
{
   input = _Fix(input, 32);
   dynamic enc = EncryptionforHash(input);
   dynamic output = "";
   foreach (char karakter in enc) {
      output += EncryptionforHash(EncryptionforHash(karakter) + EncryptionforHash(Strings.Asc(karakter)));
   }
   output = EncryptionforHash(output);
   output = _Fix(output, 16);
   return output;
}
```

### Re: Can you check my hash algorithm?

Posted: Fri Apr 05, 2013 8:24 pm
Please post some example hashes for strings so that we can observe valid output from the command. I'm going to try and redo the code in Java or something else because VB.net and C# just aren't my cup of tea. Please post some generic examples such as:

""
"a"
"abc"
"123"
"abcdefghijklmnopqrstuvwxyz1234567890"

I'm gonna try working on it tomorrow morning.

edit:

barney, the C# code isn't C# code, it's also the same exact code as you posted for the VB. Please fix it or remove it.

### Re: Can you check my hash algorithm?

Posted: Sat Apr 06, 2013 1:17 pm
Sorry for the mistake, I put the wrong code. I changed the C# code.

### Re: Can you check my hash algorithm?

Posted: Sat Apr 06, 2013 8:10 pm
barney, please don't use online converters, they don't work for shit. I tried the C# code, and even with heavy modifications I can't get it to compile properly. Also, please post pseudo-code in the future, it's much easier to port it when it's universally readable.

### Re: Can you check my hash algorithm?

Posted: Mon Apr 15, 2013 9:19 am
barneystinson19 wrote: Hi! I made a new hash algorithm can you check it for collisions and vulnerabilities please?
Thanks!

Honestly, without a deep understanding of the math behind it, I wouldn't recommend trying to take on a task like this. You are bound to open yourself up to some serious security vulnerabilities.

That being said, a quick look at your code shows that you are constraining the input to 32 characters (already that opens you up to collisions) and then you process your plain and further constrain the output to 16 characters (applying further collision domains).

I don't think there's much of a need to even try to compile this. The implementation is flawed, and all of your operations seem very GPU-friendly, so collisions aside it would be very trivial to write a brute-forcer for this that would work at blazing speeds.

Honestly, MD5 is stronger than what you have presented here.

If you are just concerned about having a secure hashing method against attacks, I would recommend bcrypt using a high number of iterative rounds (say 10).

### Re: Can you check my hash algorithm?

Posted: Mon Apr 15, 2013 10:53 pm
Collision:
0000000000000000000000000000000J -> 0hRwnj@ErpsyjrXJ
0000000000000000000000000000000T -> 0hRwnj@ErpsyjrXJ

Also, the security is very weak: in most cases `_Fix(output, 16)` returns the last 15 characters of output with the first character being the Xor of all previous characters. The last 15 characters of output before `_Fix` is called only depend on the last four or five characters of the password along with two sums that are modulus 63.

Another problem is this can return binary data with byte values in the range 0 to 127, but this is rare.

Just remember: the first rule of cryptography is DON'T MAKE YOUR OWN, and the second rule is DON'T IMPLEMENT ON YOUR OWN.
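
Added example, not part of any post in this thread: a Python port of only the `EncryptionforHash` round from the first post (the `_Fix` padding/truncation and the full `Hashing` pipeline are not ported; ASCII input and the Python function names are assumptions). It shows that the round's entire internal state is a running sum of character codes, so every prefix with the same sum produces identical output for whatever follows it.

```python
from collections import defaultdict
from itertools import product
import string


def encryption_for_hash(s: str) -> str:
    """Port of the VB.NET EncryptionforHash round (ASCII input assumed)."""
    out, total = [], 0
    for ch in s:
        code = ord(ch)              # VB: Asc(harf)
        total += code               # the only state carried between characters
        v = ((code + 48) ^ (total * 2)) % 126
        if v < 64:
            v += 64                 # folds 0..63 onto 64..127
        out.append(chr(v))
    return "".join(out)


def tail_after(prefix: str, suffix: str) -> str:
    """Output characters emitted for `suffix` when it follows `prefix`."""
    return encryption_for_hash(prefix + suffix)[len(prefix):]


def prefix_classes(alphabet: str, length: int, suffix: str) -> dict:
    """Group every prefix of `length` by the output it induces on `suffix`."""
    classes = defaultdict(list)
    for chars in product(alphabet, repeat=length):
        prefix = "".join(chars)
        classes[tail_after(prefix, suffix)].append(prefix)
    return classes


if __name__ == "__main__":
    # Constructed sample inputs: three prefixes whose character codes sum to 294.
    for p in ("abc", "cba", "bbb"):
        print(p, "->", repr(tail_after(p, "xyz")))

    # 26**3 lowercase prefixes have only 76 possible sums (291..366), so they
    # can induce at most 76 different outputs on the characters that follow.
    classes = prefix_classes(string.ascii_lowercase, 3, "xyz")
    total = sum(len(members) for members in classes.values())
    print(f"{total} prefixes -> {len(classes)} distinct continuations")
```

Reordering or rebalancing earlier characters without changing their sum leaves every later output character of this round untouched, which is the opposite of the diffusion a hash function needs.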