HashPump icon indicating copy to clipboard operation
HashPump copied to clipboard

Published 20 hours ago verified publisher icon bwall

SHA fail

Open maojui opened this issue 7 years ago • 3 comments

Are padding miscalculate and make something error?

key           =  b'a'*44
original_data =  b'aaaaaaaaaaaa'  # (12~16)
data_to_add   =  b'XD' .  # ...any...

and then.

......
    assert new_digest == verify_digest
AssertionError

the new_data is : b'aaaaaaaaaaaa\x80\x00\x00\x00\x00\x00\x01\xc0XD' but I think it must be : b'aaaaaaaaaaaa\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xc0XD'

maojui avatar May 27 '18 09:05 maojui

Hi,

It appears to me that the package on pypi is broken. Installing hashpumpy to a virtual environment, the example you posted works:

$ python -m virtualenv .venv
$ . .venv/bin/activate
$ python setup.py install

However, using pip install hashpumpy the example you posted fails. Can anyone narrow down the root cause of this issue?

ambiso avatar Nov 25 '18 01:11 ambiso

@zachriggle @bwall Could you maybe try rebuilding and uploading the python package to pypi, and see if that fixes the issue?

ambiso avatar Nov 25 '18 17:11 ambiso

I've rebuilt a source distribution of the package and you can install it via:

$ pip install --index-url https://test.pypi.org/simple/ hashpumpy
Looking in indexes: https://test.pypi.org/simple/
Collecting hashpumpy
  Downloading https://test-files.pythonhosted.org/packages/56/2a/eed16f9232c92a6d9bb0dbe7803f7c596c0b678c83f256e66de4c709bafa/hashpumpy-1.2.tar.gz                                                                
Building wheels for collected packages: hashpumpy
  Running setup.py bdist_wheel for hashpumpy ... done
  Stored in directory: /home/redacted/.cache/pip/wheels/cc/a7/63/82c48edcc15134329501c72af276ed8ace0aede0b32229b272
Successfully built hashpumpy
Installing collected packages: hashpumpy
Successfully installed hashpumpy-1.2

This fixes the issue:

>>> import hashpumpy
>>> key           =  b'a'*44
>>> original_data =  b'aaaaaaaaaaaa'  # (12~16)
>>> data_to_add   =  b'XD'
>>> 
>>> import hashlib
>>> digest = hashlib.sha256(key + original_data).hexdigest()
>>> new_digest, new_data = hashpumpy.hashpump(digest, original_data, data_to_add, len(key))
>>> assert hashlib.sha256(key + new_data).hexdigest() == new_digest

@bwall or @zachriggle Could you pretty please upload a source distribution to pypi? :whale:

ambiso avatar Nov 30 '18 13:11 ambiso