SHA-256 in Pure Lua

CoolisTheName007, on 05 January 2013 - 01:04 PM said:

Maybe you were using a sha1 that didn't used the bit API? I adapted one to use it, I doubt that it will be slower.

Also, doing all in one function might seem cleaner, but since each internal function is re-made (not sure exactly of the terminology) each time you call sha244, it is actually worst efficiency-wise.

I have a bench marking module (github) that generates nice-looking results and comparisons between given functions; can't really spend time doing it now with sha.

GravityScore, on 05 January 2013 - 09:17 PM said:

Yes the SHA1 I was using wasn't yours that used the CC bit API. Maybe that will be faster - I'm not too concerned about speed with this.

GravityScore, on 05 January 2013 - 09:17 PM said:

"number is too large (maximum allowed: 2^32-1)"

GravityScore, on 05 January 2013 - 09:17 PM said:

Would it be better if I stored each function in a local variable? (like local band = function(int1, int2, int3, …)?)

CoolisTheName007, on 06 January 2013 - 04:22 AM said:

GravityScore, on 05 January 2013 - 09:17 PM said:

Would it be better if I stored each function in a local variable? (like local band = function(int1, int2, int3, …)?)

Yes, but outside the sha244 function, like

local function band(…

end

function sha244(…)

GravityScore, on 06 January 2013 - 05:13 AM said:

Just note this isn't supposed to be an API. I hate programs that make me install APIs. This is intended to be copied and pasted straight into code. I guess I can move the bit functions outside of the function though. I'll do it now! Thanks for the suggestion.

local stringToHash = "thisisapassword"
hash = sha256(stringToHash)

DiamondOwner, on 05 February 2013 - 09:46 AM said:

Thx GravityScore. Will global variables also work with the hash function? I'm planning to make my own small OS, may I use your hash code in my OS (I will give you credit.)? Are collisions with the hash "sha256" highly unlikely, unlikely, likely, or highly likely? This is to determine if encryption is required to keep people from reliably using rainbow tables to find out the password. What's the speed of the hash?

DiamondOwner, on 05 February 2013 - 09:46 AM said:

I'm new to Lua, so can you convert a program into a string, then hash the program?

DiamondOwner, on 05 February 2013 - 09:46 AM said:

Will this function (the hash) work in parallel.waitForAll? If you read to this part and have answered the above :D/> .

GravityScore, on 05 January 2013 - 09:17 PM said:

-snip-

Like I said in the OP, I would have used the local CC bit API, but I couldn't because it gave me the error "number is too large (maximum allowed: 2^32-1)", and it also did not have an implementation of right rotate (rrotate). Would it be better if I stored each function in a local variable? (like local band = function(int1, int2, int3, …)?)

KillaVanilla, on 10 February 2013 - 04:41 PM said:

I just moduloed (spelling?) pretty much every variable in the code by (2^32-1)

TheOriginalBIT, on 10 February 2013 - 05:19 PM said:

KillaVanilla, on 10 February 2013 - 04:41 PM said:

I just moduloed (spelling?) pretty much every variable in the code by (2^32-1)

I think it would be this?

I just used modulo
Or
I just used modulus

Linearus, on 22 March 2013 - 10:32 PM said:

Thanks! Also do I have permission to use it in a little side project. If you don't reply I'll take it as a yes. It saves you the typing. xD

GravityScore, on 05 January 2013 - 09:38 AM said:

In regards to copyright: both of these sources allow the free use of the code in them - they do not require you to include credits or licenses (to be honest, they aren't very clear about who exactly wrote them…).

TheOriginalBIT, on 22 March 2013 - 10:35 PM said:

Linearus, on 22 March 2013 - 10:32 PM said:

Thanks! Also do I have permission to use it in a little side project. If you don't reply I'll take it as a yes. It saves you the typing. xD

GravityScore, on 05 January 2013 - 09:38 AM said:

In regards to copyright: both of these sources allow the free use of the code in them - they do not require you to include credits or licenses (to be honest, they aren't very clear about who exactly wrote them…).

oxygencraft, on 18 November 2015 - 06:59 AM said:

How do i use this thing?

os.loadAPI("sha")
sha.sha256("my string")

Creator, on 18 November 2015 - 02:03 PM said:

os.loadAPI("sha")
sha.sha256("my string")

Creator, on 18 November 2015 - 02:43 PM said:

Yes, exactly. This is your code.

KingofGamesYami, on 18 November 2015 - 04:11 PM said:

Creator, on 18 November 2015 - 02:43 PM said:

Yes, exactly. This is your code.

You misunderstand. The code in the OP uses a local sha256 function, therefor when loaded as an API it will not be exposed and the code you posted will error with attempt to call nil.

Creator, on 18 November 2015 - 04:47 PM said:

In the paste it is local. What is strange is that I have that API and it is not local nor do I remember unlocalizing it. Well, to make it short, remove the local before sha256 is declared.

H4X0RZ, on 18 November 2015 - 04:53 PM said:

IMO it would be better to add these functions to your own script because otherwise some malware could modify the hash function so it returns always the same "hash" which would be a big security hole.

Anavrins, on 19 February 2016 - 09:41 PM said:

I ended up making my own take at implementing SHA256 in Lua and ended up being around 15x faster.
With some rough speed test I could only get up to 105 hash/sec, my implementation was able to get to 1500 hash/sec.
It's still not much compared to say, gpus, but it's quite something for CC.
I also noticed the same thing as Shazz, that any input that's (64*n)+55 bytes in length will produce the incorrect hash, I didn't go deep into the problem, but I know it's the pre-processing part that produces an incorrect padding.
That bug is not present in my implementation.
Here's the pastebin: 6UV4qfNF

Creator, on 19 February 2016 - 09:54 PM said:

Nice. If what you say is true, I might use it in my Delta networking framework.

Anavrins, on 19 February 2016 - 10:25 PM said:

Creator, on 19 February 2016 - 09:54 PM said:

Nice. If what you say is true, I might use it in my Delta networking framework.

Here's what I used to test the speed Pvy0zFXt
Usage is "speedtest old" and "speedtest new"

sci4me, on 20 February 2016 - 01:02 AM said:

I gotta say, a quick glance at the code, and, it looks great. I am curious to see if your bitop implementations are actually faster than the CC ones however.

Anavrins, on 19 February 2016 - 09:41 PM said:

I ended up making my own take at implementing SHA256 in Lua and ended up being around 15x faster. With some rough speed test I could only get up to 105 hash/sec, my implementation was able to get to 1500 hash/sec. It's still not much compared to say, gpus, but it's quite something for CC. I also noticed the same thing as Shazz, that any input that's (64*n)+55 bytes in length will produce the incorrect hash, I didn't go deep into the problem, but I know it's the pre-processing part that produces an incorrect padding. That bug is not present in my implementation. Here's the pastebin: 6UV4qfNF

local g=string.gsub sha256=loadstring(g(g(g(g(g(g(g(g('Sa=XbandSb=XbxWSc=XlshiftSd=unpackSe=2^32SYf(g,h)Si=g/2^hSj=i%1Ui-j+j*eVSYk(l,m)Sn=l/2^mUn-n%1VSo={0x6a09e667Tbb67ae85T3c6ef372Ta54ff53aT510e527fT9b05688cT1f83d9abT5be0cd19}Sp={0x428a2f98T71374491Tb5c0fbcfTe9b5dba5T3956c25bT59f111f1T923f82a4Tab1c5ed5Td807aa98T12835b01T243185beT550c7dc3T72be5d74T80deb1feT9bdc06a7Tc19bf174Te49b69c1Tefbe4786T0fc19dc6T240ca1ccT2de92c6fT4a7484aaT5cb0a9dcT76f988daT983e5152Ta831c66dTb00327c8Tbf597fc7Tc6e00bf3Td5a79147T06ca6351T14292967T27b70a85T2e1b2138T4d2c6dfcT53380d13T650a7354T766a0abbT81c2c92eT92722c85Ta2bfe8a1Ta81a664bTc24b8b70Tc76c51a3Td192e819Td6990624Tf40e3585T106aa070T19a4c116T1e376c08T2748774cT34b0bcb5T391c0cb3T4ed8aa4aT5b9cca4fT682e6ff3T748f82eeT78a5636fT84c87814T8cc70208T90befffaTa4506cebTbef9a3f7Tc67178f2}SYq(r,q)if e-1-r[1]<q then r[2]=r[2]+1;r[1]=q-(e-1-r[1])-1 else r[1]=r[1]+qVUrVSYs(t)Su=#t;t[#t+1]=0x80;while#t%64~=56Zt[#t+1]=0VSv=q({0,0},u*8)fWw=2,1,-1Zt[#t+1]=a(k(a(v[w]TFF000000),24)TFF)t[#t+1]=a(k(a(v[w]TFF0000),16)TFF)t[#t+1]=a(k(a(v[w]TFF00),8)TFF)t[#t+1]=a(v[w]TFF)VUtVSYx(y,w)Uc(y[w]W0,24)+c(y[w+1]W0,16)+c(y[w+2]W0,8)+(y[w+3]W0)VSYz(t,w,A)SB={}fWC=1,16ZB[C]=x(t,w+(C-1)*4)VfWC=17,64ZSD=B[C-15]SE=b(b(f(B[C-15],7),f(B[C-15],18)),k(B[C-15],3))SF=b(b(f(B[C-2],17),f(B[C-2],19)),k(B[C-2],10))B[C]=(B[C-16]+E+B[C-7]+F)%eVSG,h,H,I,J,j,K,L=d(A)fWC=1,64ZSM=b(b(f(J,6),f(J,11)),f(J,25))SN=b(a(J,j),a(Xbnot(J),K))SO=(L+M+N+p[C]+B[C])%eSP=b(b(f(G,2),f(G,13)),f(G,22))SQ=b(b(a(G,h),a(G,H)),a(h,H))SR=(P+Q)%e;L,K,j,J,I,H,h,G=K,j,J,(I+O)%e,H,h,G,(O+R)%eVA[1]=(A[1]+G)%e;A[2]=(A[2]+h)%e;A[3]=(A[3]+H)%e;A[4]=(A[4]+I)%e;A[5]=(A[5]+J)%e;A[6]=(A[6]+j)%e;A[7]=(A[7]+K)%e;A[8]=(A[8]+L)%eUAVUY(t)t=t W""t=type(t)=="string"and{t:byte(1,-1)}Wt;t=s(t)SA={d(o)}fWw=1,#t,64ZA=z(t,w,A)VU("%08x"):rep(8):format(d(A))V',"S"," local "),"T",",0x"),"U"," return "),"V"," end "),"W","or "),"X","bit32."),"Y","function "),"Z"," do "))()

3d6, on 29 February 2016 - 09:58 PM said:

I made it more compact!

Anavrins, on 01 March 2016 - 02:33 AM said:

3d6, on 29 February 2016 - 09:58 PM said:

I made it more compact!

Sweet :D/>, can I ask you what you used to compact it?

LoganDark, on 07 March 2016 - 08:58 PM said:

I'd be interested if you could implement bcrypt in Lua.

Creator, on 07 March 2016 - 09:50 PM said:

Anavrins, I am using implementation of the SHA256 algorithm, and am very happy with it. Can I distribute software on the CC forums that uses it?

Anavrins, on 07 March 2016 - 09:16 PM said:

LoganDark, on 07 March 2016 - 08:58 PM said:

I'd be interested if you could implement bcrypt in Lua.

I've been actually looking into implementing Blowfish and bcrypt in CC a few days ago, but note that that algorithm is designed to be slow and having it in CC will make it even slower.

LoganDark, on 07 March 2016 - 11:09 PM said:

Wouldn't that be perfect for password systems? It would take quite a bit longer to brute-force it.

Anavrins, on 07 March 2016 - 11:13 PM said:

LoganDark, on 07 March 2016 - 11:09 PM said:

Wouldn't that be perfect for password systems? It would take quite a bit longer to brute-force it.

You have to assume that if someone wants to crack a password that was found in a CC program, he will certainly not crack it from within CC.
Cracking outside of CC will always be faster, so might as well make them as fast as possible for convenient in-game use.
BCrypt has an argument that determine the cost factor, it won't be much before a cost factor get's too costly for CC to be any more useful against offline cracking, compared to SHA2 alone.

Anavrins, on 19 February 2016 - 09:41 PM said:

I ended up making my own take at implementing SHA256 in Lua and ended up being around 15x faster.
With some rough speed test I could only get up to 105 hash/sec, my implementation was able to get to 1500 hash/sec.
It's still not much compared to say, gpus, but it's quite something for CC.
I also noticed the same thing as Shazz, that any input that's (64*n)+55 bytes in length will produce the incorrect hash, I didn't go deep into the problem, but I know it's the pre-processing part that produces an incorrect padding.
That bug is not present in my implementation.
Here's the pastebin: 6UV4qfNF

LoganDark, on 29 March 2016 - 03:03 PM said:

It seems I'm having a little bit of an error trying to run your SHA algorithm after having an upcoming project of mine mostly finished.

Edit: just using sha256("msg")

Anavrins, on 29 March 2016 - 03:23 PM said:

LoganDark, on 29 March 2016 - 03:03 PM said:

Anavrins, on 19 February 2016 - 09:41 PM said:

I ended up making my own take at implementing SHA256 in Lua and ended up being around 15x faster.
With some rough speed test I could only get up to 105 hash/sec, my implementation was able to get to 1500 hash/sec.
It's still not much compared to say, gpus, but it's quite something for CC.
I also noticed the same thing as Shazz, that any input that's (64*n)+55 bytes in length will produce the incorrect hash, I didn't go deep into the problem, but I know it's the pre-processing part that produces an incorrect padding.
That bug is not present in my implementation.
Here's the pastebin: 6UV4qfNF

It seems I'm having a little bit of an error trying to run your SHA algorithm after having an upcoming project of mine mostly finished.

Edit: just using sha256("msg")

What CC version are you using, this implies that your using an older version of CC which does not contain bit32.
In any case you can replace the bit32 parts with bit, though I haven't tested it.

LoganDark, on 29 March 2016 - 03:24 PM said:

Yeah, I bet Mimic is using a different version.
Edit: bit doesn't have a bad lshift

Anavrins, on 29 March 2016 - 03:41 PM said:

LoganDark, on 29 March 2016 - 03:24 PM said:

Yeah, I bet Mimic is using a different version.
Edit: bit doesn't have a bad lshift

Ah yes, as much as I appreciate the work of it's dev, I find that mimic has a lot of issues.
There's nothing wrong with lshift, but definitely with rshift, with number approaching 2^32, I could only get correct results with my own implementation of it.
I ended up modifying the code so that it automatically uses bit if bit32 is not found, it's on the same pastebin link.

LoganDark, on 29 March 2016 - 03:49 PM said:

Well, that won't be a problem unless someone creates an extremely long password.

Waitdev_, on 17 May 2016 - 01:06 PM said:

It's so awesome that you made this, do you mind if i put this in my new program? I've given you a bit of credit and put a link to this thread, is there anything else that you want me to do or is it fine the way I've done it? Thanks.

Waitdev_, on 17 May 2016 - 01:06 PM said:

It's so awesome that you made this, do you mind if i put this in my new program? I've given you a bit of credit and put a link to this thread, is there anything else that you want me to do or is it fine the way I've done it? Thanks.