Comments (6)
You're right. Hash functions like SHA and MD5 append the message length in bits
to the end of the message. By definition, that length is a 64-bit number. But
several JS implementations, including CryptoJS, counted using only a 32-bit
number. That decision was partly for simplicity, partly because it was hard to
imagine using JavaScript to hash 512 MB or more. Nonetheless, it's a flaw, and
I'll have it corrected.
Original comment by Jeff.Mott.OR
on 4 Sep 2012 at 11:11
- Changed state: Accepted
from crypto-js.
My colegue found a solution. Change the line 135 of the sha256.js file from:
dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
to:
dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal /
4294967296);
dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal & 0xFFFFFFFF;
(Sorry I don't have the diff file...)
Original comment by [email protected]
on 4 Sep 2012 at 11:18
from crypto-js.
Yes, that's definitely an improvement. JavaScript numbers are 64-bit floating
point (aka double), so we get 53-bits before we start losing precision. Your
colleague increased possible message lengths from 32 to 53-bits. I'll also look
into a fix to get the full 64-bits.
Original comment by Jeff.Mott.OR
on 5 Sep 2012 at 12:31
from crypto-js.
I think I'm seeing this issue for SHA1 and MD5. 53bits doesn't sound to shabby.
Not sure anyone wants to hash more than a petabyte in js anytime soon. I
definitely don't need the full two exabytes ;-)
Original comment by [email protected]
on 27 Sep 2012 at 12:03
from crypto-js.
Latest release includes your colleague's solution.
Original comment by Jeff.Mott.OR
on 7 Jan 2013 at 1:57
- Changed state: Fixed
from crypto-js.
Great! Many thanks!
Original comment by [email protected]
on 7 Jan 2013 at 3:48
from crypto-js.
Related Issues (20)
- AES encrypted string to be converted to base 64 string and then to byte array in Javascript
- Uncaught TypeError: Cannot read property 'init' of undefined HOT 1
- Clarify license HOT 2
- Automatic key expiration
- Type a is undefined in rollup version of aes.js line 27. HOT 4
- Crypto.JS PBKDF2 Results Differnt then .Net Rfc2898DeriveBytes HOT 1
- Crypto-js decryption implemention HOT 1
- Most of the hashs wont works regarding file encoding HOT 4
- Not able to decrypt the encrypted data on server side which was encrypted using CryproJS on client side..
- TripleDES result is different each time, and is not correct
- AES 256 decrypt from data oracle function encrypting HOT 1
- Broken hashing with sigBytes< bytes
- Error: Unable to get property 'createEncryptor' of undefined or null reference
- [IE8]Object doesn't support property or method
- decrypt of ciphertext not working for strings HOT 2
- [documentation] Add recommendation to use https
- Using pbkdf2Sync function with sha256 gives different key with different system architecture (32 bit and 64 bit) HOT 2
- After encryption CryptoJS returning script then encrypted text
- I am using CryptoJS MD5 algorith for large files, it is very very very slow, how to icrease performance
- Sha3 result different for long strings on android 4.2.2 webview
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crypto-js.