I really give up
QnickQm at alum.mit.edu
QnickQm at alum.mit.edu
Wed Oct 2 17:56:17 CEST 2002
In article <anf1bj$vu$1 at news.tpi.pl>, piter wrote:
> Hey guys,
>
> I really give up! How to convert the following C function into python?
>
> //-----------------------------------------
> unsigned int
> make_hash(char *password, unsigned int seed)
> {
> unsigned int x, y, z;
>
> y = seed;
>
> for (x = 0; *password; password++) {
> x = (x & 0xffffff00) | *password;
> y ^= x;
> y += x;
> x <<= 8;
> y ^= x;
> x <<= 8;
> y -= x;
> x <<= 8;
> y ^= x;
>
> z = y & 0x1f;
> y = (y << z) | (y >> (32 - z));
> }
>
> return y;
> }
>
> //-----------------------------------------
>
> The obvious solution:
[...]
> produces odd result due to python's signed arithmetic.
One solution: use the low-order bytes of Python's long integers.
def make_hash(password, seed):
y = long(seed)
x = 0L
for ch in password:
x = (x & 0xffffff00L) | ord(ch)
y ^= x
y += x
x <<= 8
y ^= x
x <<= 8
y -= x
x <<= 8
y ^= x
z = int(y & 0x1f)
y &= 0xffffffffL
y = ((y << z) | ((y >> (32- z))))
return y & 0xffffffffL
Note however that this hashing algorithm is *not* secure. A decent desktop
takes less than 4 minutes to try 2**32 passwords with a given seed. Thus,
assuming that the hashing algorithm works, I can should be able to find
a password that hashes to any desired hash value for a given seed in that
amount of time. You may as well store the passwords in plaintext.
Instead, may I suggest the sha module?
Avoiding-roll-your-own-crypto-like-the-plague-ly y'rs,
--
Nick Mathewson <Q nick Q m at alum dot mit dot edu>
Remove Q's to respond. No spam.
More information about the Python-list
mailing list