Re: [Harbour] Harbour SHA2 and SHA2-HMAC support

Sun, 18 Jan 2009 17:21:31 -0800 

Hi,
I didn't deal with SHA1 because it isn't considered safe anymore (just like MD5). It can easily be added, given we find an implementation with a Harbour compatible licence.
MD5 and SHA1 is still used in many standards. You can use stronger hashing in your application, but you'll need these for compatibility, ex. CRAM-MD5 (using MD5 HMAC) is used in IMAP, see: http://www.isi.edu/in-notes/rfc2195.txt
I do not know SHA1 details, but MD5 HMAC is still safe. MD5 is broken via birthday attack, but not MD5 HMAC. But perhaps it could be done in a few years... 


Personally, I'd also welcome AES in Harbour.

    3) HMAC calculation is algorithm independent from hasing. Maybe we
    can have universal HB_HMAC() instead of HB_*_HMAC(),
    I guess code is:
    FUNC HB_HMAC(fHash, cMessage, cKey)
      IF LEN(cKey) > 64;   cKey := HB_HexToStr(EVAL(fHash, cKey))
      ENDIF
      cKey := PADR(cKey, 64, CHR(0))
    RETURN EVAL(fHash, HB_STRXOR(cKey, 0x5C) + ;
                      EVAL(fHash, HB_STRXOR(cKey, 0x36) + cMessage))


Good idea, but I'm personally lost with the details here :)
The proposed above HB_HMAC() is full implementation of HMAC. Just see: http://en.wikipedia.org/wiki/HMAC It is independent from hashing algorithm. It can calculate any HMAC: 
  cSHA256HMAC := HB_HMAC(@HB_SHA256, cMessage, cKey)
  cMD5HMAC := HB_HMAC(@HB_MD5, cMessage, cKey)
etc.
Maybe I should change the names to HB_HMAC_SHA*() from HB_SHA*_HMAC() as a small step, should I? 
    4) If there are some licence problem, we can find public domain
    implementations. I guess rfc or standarts implementation is also
    free by some mean;


A public domain one would be great, but couldn't find any.
http://www.cryptopp.com/ source are public domain, but it's C++. I also think it is not difficult to implement using algorithm description. 



    5) I'm starting to think about some generic HB_CRYPT*() library. I
    should stop think :)

Just go ahead :)
You've mentioned AES. Here I think we will need also some hb_crypt*() functions to separate block cipher mode (ECB, CBC, PCBC, CFB, OFB) from cipher itself (AES, DES, Blowfish, etc), just like I suggest to separate HMAC algorithm from hashing algorithm. 


Regards,
Mindaugas
_______________________________________________
Harbour mailing list
Harbour@harbour-project.org
http://lists.harbour-project.org/mailman/listinfo/harbour

Reply via email to