Both cryptography packages, the MHash and the HASH Message Digest Framework, have the same algorithms, and yet, they both sometimes to produce wildly different results from each other when applying the same algorithm to the same piece of data. The SHA-x algorithms, as designed by the NSA, all seem to have concrete standards for producing their hash values, so they have similar results. Even the two MD5 implementations produce identical results, and the same goes for Gost, RipeMD, CRC32, Whirlpool, Snefru256 (known as 'Snefru256' in MHash and simply 'Snefru' in HASH-MDF), and Tiger (the three-round versions in HASH-MDF to simply 'Tigerx' in MHash).
However, the algorithms CRC32B and Adler32 each produce different results when called from either MHash or HASH-MDF, possibly because they are hashing algorithms designed to be checksums rather than something that can produce a string as a unique identifier for a particular piece of information. For that reason, if you ever publish the hash results with the data you're putting out publicly, it's probably wise to indicate whether it's the MHash or HASH-MDF implementation of the algorithm. Otherwise, the hash value won't provide much use as a unique identifier for the particular piece of data or for the file.
Some example code to better explain what I mean :
<?php
// Author: holdoffhunger@gmail.com
// SHA-1 Hashing
// ---------------------------------------------------
$mhash_sha1_results = bin2hex(mhash(MHASH_SHA1, "secret"));
$hash_mdf_sha1_results = hash("sha1", "secret", FALSE);
print("MHash SHA-1: $mhash_sha1_results .<br>");
print("HASH-MDF SHA-1: $hash_mdf_sha1_results .<br><br>");
// Whirlpool Hashing
// ---------------------------------------------------
$mhash_whirlpool_results = bin2hex(mhash(MHASH_WHIRLPOOL, "secret"));
$hash_mdf_whirlpool_results = hash("whirlpool", "secret", FALSE);
print("MHash Whirlpool: $mhash_whirlpool_results .<br>");
print("HASH-MDF Whirlpool: $hash_mdf_whirlpool_results .<br><br>");
// CRC32B Hashing
// ---------------------------------------------------
$mhash_crc32b_results = bin2hex(mhash(MHASH_CRC32B, "secret"));
$hash_mdf_crc32b_results = hash("crc32b", "secret", FALSE);
print("MHash CRC32B: $mhash_crc32b_results .<br>");
print("HASH-MDF CRC32B: $hash_mdf_crc32b_results .<br><br>");
// Adler32 Hashing
// ---------------------------------------------------
$mhash_adler32_results = bin2hex(mhash(MHASH_ADLER32, "secret"));
$hash_mdf_adler32_results = hash("adler32", "secret", FALSE);
print("MHash Adler32: $mhash_adler32_results .<br>");
print("HASH-MDF Adler32: $hash_mdf_adler32_results .<br><br>");
?>
Expected Results :
........................
MHash SHA-1: e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4 .
HASH-MDF SHA-1: e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4 .
MHash Whirlpool: e061b87a674ae3880e159ab55ed35d6c5e8a6aefac6ab08304a50588018d377b28639bb15fdeedf006d57e45f7b4298e6dfefceaf7c92c826a708fe6d1156eb3 .
HASH-MDF Whirlpool: e061b87a674ae3880e159ab55ed35d6c5e8a6aefac6ab08304a50588018d377b28639bb15fdeedf006d57e45f7b4298e6dfefceaf7c92c826a708fe6d1156eb3 .
MHash CRC32B: e5e8a25c .
HASH-MDF CRC32B: 5ca2e8e5 .
MHash Adler32: 8702d108 .
HASH-MDF Adler32: 08d10287 .
Official Function Page: http://www.php.net/manual/en/function.mhash.php
// Note: All code appearing on the PHP Revolution blog by the blog owner is released under the Hacktivismo Enhanced-Source Software License Agreement (HESSLA), unless otherwise noted. http://www.hacktivismo.com/about/hessla.php
No comments:
Post a Comment