
Author Topic: HashLib4Pascal  (Read 12558 times)

Thaddy

Re: HashLib4Pascal
« Reply #15 on: October 05, 2016, 10:45:59 am »
RTTI should never ever be used in security related code.
This library contains multiple "secure" hashes.
Is this really essential for this library?
Then it is unusable. Because that is runtime readable code.
There are many more alternatives that don't make that mistake.

Maybe I misunderstood. In that case please explain.
« Last Edit: October 05, 2016, 10:50:05 am by Thaddy »
Ada's daddy wrote this:"Fools are my theme, let satire be my song."

Xor-el

Re: HashLib4Pascal
« Reply #16 on: October 05, 2016, 12:10:41 pm »
I do not think disabling rtti is the best solution even though it works.
I do agree but we use RTTI in our project only for certain classes and that's why the hints have appeared.

according to your commit, I can see that only two units, hlpmurmur2 and hlpsiphash2_4, give that hint?
please confirm if I am correct.
Yes, exactly.

thanks for confirming.
my next commit will fix the "inline hints" by adding "sysutils" to the specified units as done in your commit.

thanks.


Xor-el

Re: HashLib4Pascal
« Reply #17 on: October 05, 2016, 12:15:41 pm »
RTTI should never ever be used in security related code.
This library contains multiple "secure" hashes.
Is this really essential for this library?
Then it is unusable. Because that is runtime readable code.
There are many more alternatives that don't make that mistake.

Maybe I misunderstood. In that case please explain.

lol, this library does not use rtti.
at least I don't.

Thaddy

Re: HashLib4Pascal
« Reply #18 on: October 05, 2016, 12:31:33 pm »
Then it's ok.
I will look into its merits.
Ada's daddy wrote this:"Fools are my theme, let satire be my song."

Xor-el

Re: HashLib4Pascal
« Reply #19 on: October 06, 2016, 01:12:44 am »
Hello all,
I have made a commit that

removed generics usage (thanks Arnaud Bouchez).
some minor optimizations and refactoring.
fixed "inline hints" in Delphi 2010 (thanks Petr. Nehez).
some restructuring.
at least 10% speed improvements (especially on FreePascal).
minor fixes etc.

recommended update  :)

Xor-el

Re: HashLib4Pascal
« Reply #20 on: October 30, 2016, 08:30:37 pm »
Quote
v1.1 Release.

Below is a Summary of (but not limited to) changes in this release.

* optimizations and performance improvements in various hashes, especially those that descend from TBlockHash.
* fix for timing attack when comparing the internal state of hashes.

https://github.com/Xor-el/HashLib4Pascal
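
An added example, not part of the original post and not HashLib4Pascal's own code: the kind of comparison that a timing-attack fix like the one in the v1.1 notes addresses, shown as an early-exit byte comparison beside a constant-time one. The function names and the sample digests are assumptions made for illustration.

```pascal
program ConstTimeCompareDemo;
{$ifdef FPC}{$mode delphi}{$H+}{$endif}
{$APPTYPE CONSOLE}

uses
  SysUtils;

// Early-exit comparison: returns at the first differing byte, so the running
// time reveals how long the matching prefix is.
function LeakyEquals(const A, B: TBytes): Boolean;
var
  I: Integer;
begin
  Result := False;
  if Length(A) <> Length(B) then
    Exit;
  for I := 0 to High(A) do
    if A[I] <> B[I] then
      Exit;
  Result := True;
end;

// Constant-time comparison: every byte is visited and differences are
// accumulated with OR, so timing does not depend on where a mismatch is.
// Digest lengths are public, so the early length check leaks nothing secret.
function ConstantTimeEquals(const A, B: TBytes): Boolean;
var
  I: Integer;
  Diff: Byte;
begin
  Result := False;
  if Length(A) <> Length(B) then
    Exit;
  Diff := 0;
  for I := 0 to High(A) do
    Diff := Diff or (A[I] xor B[I]);
  Result := Diff = 0;
end;

var
  Expected, Good, Bad: TBytes;
begin
  // Constructed sample digests (not real hash output).
  Expected := TBytes.Create($DE, $AD, $BE, $EF);
  Good := TBytes.Create($DE, $AD, $BE, $EF);
  Bad := TBytes.Create($DE, $AD, $BE, $00);
  WriteLn('leaky:         ', LeakyEquals(Expected, Good), ' ', LeakyEquals(Expected, Bad));
  WriteLn('constant-time: ', ConstantTimeEquals(Expected, Good), ' ', ConstantTimeEquals(Expected, Bad));
end.
```

Both functions return the same results; only the second keeps its running time independent of the position of the first mismatch.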

Xor-el

Re: HashLib4Pascal
« Reply #21 on: December 04, 2016, 10:01:58 pm »
** Optimizations in Various Hashes like Siphash, MurmurHash etc.

** Cleanup of Some Unused Methods.

** Fixed Some "Potential Bugs".

** Fixed a slowdown (for Delphi in SHA 2 based Hashes) that was introduced in the previous release.

** Various Improvements.

https://github.com/Xor-el/HashLib4Pascal
« Last Edit: December 04, 2016, 10:07:39 pm by Xor-el »

Xor-el

Re: HashLib4Pascal
« Reply #22 on: January 02, 2017, 10:59:28 am »
Just released v1.4 of this Library.

https://github.com/Xor-el/HashLib4Pascal

see github commits for change log since v1.1 release.  :P

Xor-el

Re: HashLib4Pascal
« Reply #23 on: May 28, 2018, 10:42:59 am »
Just released v2.4 of this Library.

https://github.com/Xor-el/HashLib4Pascal

added Streebog 256 and 512 hash (GOST3411_2012_256, GOST3411_2012_512)

see github commits for other change log since v1.4 release.  :P

Thaddy

Re: HashLib4Pascal
« Reply #24 on: May 28, 2018, 11:07:11 am »
- There is still RTTI, which is not a good idea. I wasn't the only one to complain.
- There are some readability issues regarding string types:
You have a lot of {$ifdef FPC} to determine UnicodeString. you need only one per unit:
Code: Pascal
```pascal
unit xxx;
{$ifdef fpc}{$mode delphiunicode}{$H+}{$endif}
....
// One per unit, instead of one per code block
```
That cleans things up a bit.....
Since you are trying to support both Delphi and FreePascal, try to limit the amount of ifdefs. They are likely not necessary when the compiler is in one of the Delphi modes.
I tested this with your repository on a couple of affected units and it looks much better. You can also do the above in your standard include file.
« Last Edit: May 28, 2018, 11:14:06 am by Thaddy »
Ada's daddy wrote this:"Fools are my theme, let satire be my song."

Xor-el

Re: HashLib4Pascal
« Reply #25 on: May 28, 2018, 11:13:19 am »
- There is still RTTI, which is not a good idea. I wasn't the only one to complain.
- There are some readability issues regarding string types:
You have a lot of {$ifdef FPC} to determine UnicodeString. you need only one per unit:
Code: Pascal
```pascal
unit xxx;
{$ifdef fpc}{$mode delphiunicode}{$H+}{$endif}
....
// One per unit, instead of one per code block
```
That cleans things up a bit.....

can you please point out where RTTI was used?
I don't use RTTI except maybe an RTL Unit like SysUtils calls it in.

Regarding the UnicodeString stuff, will look into it.
Thanks for the tip.

Thaddy

Re: HashLib4Pascal
« Reply #26 on: May 28, 2018, 11:16:30 am »
I added to my comment and our posts crossed when I was still testing. Plz read it again.
As for RTTI, scan the code for published.
Ada's daddy wrote this:"Fools are my theme, let satire be my song."

Xor-el

Re: HashLib4Pascal
« Reply #27 on: May 28, 2018, 11:21:19 am »
I added to my comment and our posts crossed when I was still testing. Plz read it again.
As for RTTI, scan the code for published.
thanks for replying.
so I just scanned the codebase for published.
it is only used in the test projects, as we all know, DUnit uses RTTI to find TestFixtures so unfortunately there is nothing I can really do about it.
The true codebase is not affected.
Thanks once again.
« Last Edit: May 28, 2018, 11:22:52 am by Xor-el »

ASBzone

Re: HashLib4Pascal
« Reply #28 on: August 13, 2018, 03:25:19 am »
Xor-El,

Is there any way to only include the ciphers that are desired in a particular application?

I have several projects where I need only MD5, SHA1 and SHA2,  as an example, or SHA1, SHA2 and SHA3.

Currently, the only (or easiest) way to use the encryption is HlpHashFactory, and that brings every hash algorithm into the mix.

Regards,

-ASB: https://www.BrainWaveCC.com

Lazarus 1.8.4 + FPC 3.0.4 (32-bit w/64-bit cross-compile)
Occasional testing of NewPascal
Windows 10 Pro x64, Version 1803 (Build 17134.228)

(Technically, I logon to these forums from multiple versions of Windows Pro/Enterprise...)

Xor-el

Re: HashLib4Pascal
« Reply #29 on: August 13, 2018, 08:40:11 am »
Xor-El,

Is there any way to only include the ciphers that are desired in a particular application?

I have several projects where I need only MD5, SHA1 and SHA2,  as an example, or SHA1, SHA2 and SHA3.

Currently, the only (or easiest) way to use the encryption is HlpHashFactory, and that brings every hash algorithm into the mix.

Regards,

yes it is very possible but why do you want to complicate things for yourself?
if it's because of size, don't worry, smartlinking in FreePascal removes unused details in the final binary.

well to answer your question, you can do this.

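Code: Pascal
```pascal
uses
  SysUtils,
  HlpIHash,
  HlpIHashResult,
  HlpMD5;

var
  MD5Hash: IHash;
  Value: TBytes;

begin
  // Instantiate the MD5 class directly instead of going through HlpHashFactory.
  MD5Hash := TMD5.Create();
  // ComputeBytes returns an IHashResult; GetBytes() yields the raw digest bytes.
  Value := MD5Hash.ComputeBytes(TBytes.Create($01, $02)).GetBytes();
end.
```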

 
