SHA-1 algorithm in xTalk?

[Wouter]

On 21 Nov 2005, at 17:40, David Bovill wrote:

> The SSL libraries that RunRev uses should be able to do this - and  
> I would have thought considerably faster than a native and possibly  
> less secure Transcript implementation - no?

Which is easy to do with shell() and openssl.
Shao Sean will offer a pure transcript version of SHA-1 in a short time.
Meanwhile one can experiment with the openssl version:
(this is a mac version working on OSX 10.4.3 rev 2.6.1,
never tested on other OS versions/platforms,
please upload the adaptations and good luck)

- for hash of a file:

on mouseUp
   answer file "choose file for hash"
   if it <> "" then
     replace space with "\"&space in it
     put OSSL(it) into fld 1
   end if
end mouseUp

function OSSL pPath
  return word -1 of shell("openssl dgst -sha1" && pPath)
end OSSL

- for hash of a password or other string(s):

on mouseUp
   put OSSL(fld 1) into fld 2
end mouseUp

function OSSL pText
   put the tempName&".tmp" into tPath
   put pText into url ("file:"&tPath)
   ## adapt time  according to rig (may be not necessary)
   wait 0 with messages
   return word -1 of shell("openssl dgst -sha1" &&tPath)
end OSSL

Other hashes are available --> man pages sha1
Option to sign a file by adding a flag --> man pages sha1
Other services of openssl --> man pages openssl

> On 21 Nov 2005, at 17:35, Alessandro Manotti wrote:
>
>> Sorry if I introduce myself in this posts.
>> Please note that md5 is no more reliable! Since it was officially  
>> cracked.
>>
>> Even Sha-0 was cracked, but it is far incomplete/primitive then  
>> sha-1,
>> which is the only reliable hash system to verify digital signature,
>> software integrity, etc...

SHA-1 has been compromised too.
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
http://www.rsasecurity.com/rsalabs/node.asp?id=2927
etc.

Greetings,
Wouter