MD5 Function Without Salt
complete
Signal Linden
Add a new MD5 function with a signature similar to
llSHA1
and llSHA256
.Details
Second Life's llMD5String function inexplicably includes a
":"+(integer)nonce
salt in the plaintext. Why? I have absolutely no idea, but it makes generating actual plain MD5 digests impossible with LSL.Log In
This post was marked as
complete
Signal Linden
in progress
Whoops, looks like this got marked as complete. It's in an upcoming release. :)
This post was marked as
complete
Signal Linden
in progress
Leviathan Linden
The work for a general
llComputeHash(string message, string algorithm)
is done in a branch, however I'm unable to change the status
of this issues from planned
to in-progress
.Kadah Coba
Leviathan Linden: Instead of yet another string, how about enum?
Leviathan Linden
Kadah Coba: that is a very good suggestion, however I figured
llComputeHash(
) should follow the pattern of llHMAC()
, llSignRSA()
and llVerifyRSA()
which already expect the algorithm name as a string.Kadah Coba
Leviathan Linden: Those really should have been enums too. Just saying :V
Leviathan Linden
Kadah Coba: Yes, you're right. That was my mistake.
V
VriSeriphim Resident
Leviathan Linden
I have looked at the new function, https://wiki.secondlife.com/wiki/LlComputeHash
Other than sha1, I assume the SHA algorithms are all in the SHA-1 family?
I suggest that SHA-3 family of hash algorithms also be supported.
Leviathan Linden
VriSeriphim Resident: I did look into supporting the SHA3 algorithms. As I recall they were a bit slow to compute for the largest possible LSL string. We didn't want to add an LSL method that could bog down the SL server runtime, so we pruned the list down to the performant ones. It might be possible to open the SHA3 family in the future, but would have to limit the string length that could be submitted.
Leviathan Linden
What would the new LSL method be called?
llNoSaltMD5()
? llMD5SansSalt()
? llMD5Correct()
? None of those names seem like good ideas.Unfortunately
llHash()
is already taken so... how about a general purpose llGetHash(message, algorithm)
that can produce various hashes (MD5, SHA1, etc)?Journey Bunny
Quick correction on the llMD5 link in details--that one points to a resident-contributed LSL implementation of MD5. Second Life's implementation with the funky hard-coded ":" is at https://wiki.secondlife.com/wiki/LlMD5String
Leviathan Linden
Thanks for pointing that out. I fixed the details.
Signal Linden
planned