Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008839opensim[REGION] Script Functionspublic2020-12-29 01:092021-07-18 11:55
ReporterKayaker Magic 
Assigned To 
PlatformDEL T1400 towerOperating SystemUbuntuOperating System Version16.04
Product Version 
Target VersionFixed in Version 
Summary0008839: Added a new function osSHA256
DescriptionSince even LL deprecates their own llMD5String and llSHA1String functions, I felt the need for a better hashing function. C# already knows how to do SHA256 hashing, so I just added an OSSL function to call it.
string osSHA256(string src);
Patch included below to add this to the OSSL functions. No threat level, I don't test for that or the OSSL Allow flags, just always works.
Additional Information//Sample LSL program to test osSHA256
            //foobar gets hashed into c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2
            //according to the linux sha256sum command line:
            //echo -n foobar | sha256sum
TagsNo tags attached.
Git Revision or version number
Run Mode Grid (Multiple Regions per Sim)
Physics EngineubODE
Script EngineYEngine
EnvironmentMono / Linux64
Mono Version6.x
Attached Filespatch file icon osSHA256.patch [^] (3,483 bytes) 2020-12-29 01:09 [Show Content]

- Relationships

-  Notes
UbitUmarov (administrator)
2020-12-29 05:42

thanks, on master

note that the patch included tabs, banned from our code
we use 4 spaces.
you can set your editor for c# to always do that, every time you enter tab.
we are not the only project with similar rule.
djphil (reporter)
2020-12-29 09:25
edited on: 2020-12-29 09:29

// osSHA384

        public string osSHA384(string input)
            // Create a SHA384
            using (SHA384 sha384Hash = SHA384.Create())
                // ComputeHash - returns byte array
                byte[] bytes = sha384Hash.ComputeHash(Encoding.UTF8.GetBytes(input));

                // Convert byte array to a string
                StringBuilder builder = new StringBuilder();
                for (int i = 0; i < bytes.Length; i++)
                return builder.ToString();

    string osSHA384(string input);


    public string osSHA384(string input)
        return m_OSSL_Functions.osSHA384(input);

djphil (reporter)
2020-12-29 09:25
edited on: 2020-12-29 09:28

// osSHA512

        public string osSHA512(string input)
            // Create a SHA512
            using (SHA512 sha512Hash = SHA512.Create())
                // ComputeHash - returns byte array
                byte[] bytes = sha512Hash.ComputeHash(Encoding.UTF8.GetBytes(input));

                // Convert byte array to a string
                StringBuilder builder = new StringBuilder();
                for (int i = 0; i < bytes.Length; i++)
                return builder.ToString();

    string osSHA512(string input);


    public string osSHA512(string input)
        return m_OSSL_Functions.osSHA512(input);

UbitUmarov (administrator)
2020-12-29 09:26

hold your horses :p
tampa (reporter)
2020-12-29 09:32

Wouldn't it make more sense to create osCrypt even osDeCrypt specifying which algo to use. Also, need to add a threat level to this even if lower than default, because at the end of the day cryption can be heavy if you run a ton of them at once, even simple ssl adds 20% webserver overhead, would imagine this can easily be used like a zip bomb or flood attack.
djphil (reporter)
2020-12-29 09:43

I like your idea of a generic hash function that can accept multiple algorithms.

osHash("sha256, sha384, sha512, ..., string input);

tampa (reporter)
2020-12-29 11:12

Are that many even in that crypto namespace, I can only see md5, sha and aes or where did you get that list?
djphil (reporter)
2020-12-29 13:15
edited on: 2020-12-29 13:17 [^]
And yes, it is not Microsoft ...

tampa (reporter)
2020-12-29 16:13

php != c# so yeah, I did find md5, aes, rsa, sha and ecd, which I guess are useful, some of them even for decrypting, will have to see what can work.
Balpien (reporter)
2020-12-30 16:23

Can we please not make an architectural mistake and call a function by an ephemeral algorithm? We've done this several times: md5, des, sha1, sha2, etc.

This very nice hashing function should be generalized, as mentioned by others, to at the very least make the algorithm name a parameter, as in:
string hresult = osHash(string algoname, string data);

Otherwise, like in the past when sha256 falls, and that's a when not an if, the function NAME and index will have to be deprecated.
tampa (reporter)
2020-12-30 16:55

I got lost in actual encryption and decryption while doing that. Technically these functions aren't needed at all as hashing can be accomplished inside the script itself rather than requiring an OSSL function for it. The main difference is that the underlying C# is going to be much faster.

sha256 is still not anywhere near eol, neither is sha384. The main problem with just hashing is that a lot of these are vulnerable to expansion attack so even wrong hashes can return a match with some comparisons. While I doubt anyone would use this for anything critical some might.

That's also why I began work on proper encryption using keypairs. The problem with that is it can be rather slow and in itself remains vulnerable to memory attack. Not to mention moving the keypairs in a manner that doesn't expose them. A lot of headaches for questionable use.

To paraphrase, it was added because why not, but opening a big can just for this sort of thing... you are free to submit another patch though.
Balpien (reporter)
2020-12-30 19:29

They are needed since written in a script they would run at 1/5000th the speed of native code. That would significantly limit utility. Also hashing (and encryption) algorithms are ephemeral. There is plenty of history on that one. It is not good practice to canonicalize in the function name space ephemeral things. You can see the proper practice throughout industry and APIs.

- Issue History
Date Modified Username Field Change
2020-12-29 01:09 Kayaker Magic New Issue
2020-12-29 01:09 Kayaker Magic File Added: osSHA256.patch
2020-12-29 05:42 UbitUmarov Note Added: 0037417
2020-12-29 09:25 djphil Note Added: 0037420
2020-12-29 09:25 djphil Note Added: 0037421
2020-12-29 09:26 UbitUmarov Note Added: 0037422
2020-12-29 09:28 djphil Note Edited: 0037421 View Revisions
2020-12-29 09:29 djphil Note Edited: 0037420 View Revisions
2020-12-29 09:32 tampa Note Added: 0037423
2020-12-29 09:43 djphil Note Added: 0037424
2020-12-29 11:12 tampa Note Added: 0037426
2020-12-29 13:15 djphil Note Added: 0037427
2020-12-29 13:17 djphil Note Edited: 0037427 View Revisions
2020-12-29 16:13 tampa Note Added: 0037428
2020-12-30 16:23 Balpien Note Added: 0037431
2020-12-30 16:55 tampa Note Added: 0037432
2020-12-30 19:29 Balpien Note Added: 0037437
2021-07-18 11:55 Kayaker Magic Status new => resolved
2021-07-18 11:55 Kayaker Magic Resolution open => fixed

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker