Difference between revisions of "LlSHA1String"

From Second Life Wiki
(Direct residents to LSL's built-in llSHA256String and away from script implementations.)
 
Line 1: Line 1:
{{LSL_Function
{{LSL_Function
|inject-1={{LSL Function/warning|Security|The SHA-1 hashing algorithm is considered broken but the attacks are largely still theoretical and not very practical. {{Wikipedia|SHA-1#Comparison_of_SHA_functions|Comparison of SHA functions}}}}
|inject-1={{LSL Function/warning|Security|The SHA-1 hashing algorithm is considered broken but the attacks are largely still theoretical and not very practical. Consider the more secure [[llSHA256String]]. {{Wikipedia|SHA-1#Comparison_of_SHA_functions|Comparison of SHA functions}}}}
|func_id=343|func_sleep=0.0|func_energy=10.0
|func_id=343|func_sleep=0.0|func_energy=10.0
|func=llSHA1String|return_type=string|p1_type=string|p1_name=src
|func=llSHA1String|return_type=string|p1_type=string|p1_name=src
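Review bot: in the inject-1 warning, the new sentence "Consider the more secure [[llSHA256String]]." is inserted between the statement about SHA-1 attacks and the {{Wikipedia|SHA-1#Comparison_of_SHA_functions|...}} link that backs it, so the link now reads as a source for the recommendation rather than for the claim. Move the recommendation after the Wikipedia template, or make it the closing sentence of the warning. The unchanged wording "largely still theoretical and not very practical" also argues against the advice being added; say in the same warning which uses should move to llSHA256String.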
Line 26: Line 26:
|also_events
|also_events
|also_articles=
|also_articles=
{{LSL DefineRow||[[SHA-1]]}}
{{LSL DefineRow||[[SHA-1]] (script implementation)}}
|notes
|notes
|deepnotes=
|deepnotes=
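Review bot: the also_articles row now reads "[[SHA-1]] (script implementation)", but the label alone does not tell a reader to prefer the built-in function, which is what the edit summary says the change is for. The Deep Notes text on the rendered page still points to the port as plain "SHA-1" with no such label, and this hunk leaves deepnotes untouched. Suggest applying the same "(script implementation)" wording there and adding a short note in the row that llSHA1String or llSHA256String replaces the script port.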

Latest revision as of 15:59, 9 December 2023

Security Warning!

The SHA-1 hashing algorithm is considered broken but the attacks are largely still theoretical and not very practical. Consider the more secure llSHA256String. See Wikipedia: Comparison of SHA functions.

Summary

Function: string llSHA1String( string src );
0.0 Forced Delay
10.0 Energy

Returns a string of 40 hex characters that is the SHA-1 security hash of src.

• string src

Specification

LSL strings are stored in the UTF-8 format.

Caveats

There is no way to pass a zero byte into this function, nor any byte value from 128-255, so it is currently broken for many purposes (like HMAC-SHA1). The reason is that LSL strings cannot contain the Unicode null character (U+0000), and LSL has no escape code for it (many programming languages use \0, but LSL does not have this feature). llEscapeURL("%00") yields an empty string. In addition, inside this function, each character with a Unicode integer value over U+0127 / 007F is handled in UTF-8 fashion: in the hex values, 0xC2 is prepended to the byte value (hence 0x0080-0x00FF become 0xC280-0xC2FF inside the llSHA1String() routine). A JIRA has been filed for this.
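The caveat above, modelled in Python as an added example (not LSL, and not code from the wiki or from Linden Lab). It shows why the second pass of HMAC-SHA1, which must hash the 20 raw bytes of the inner digest, cannot be fed through a string-only hash. The function names, the sample key and the byte-to-character mapping are assumptions made for illustration.

```python
import hashlib
import hmac

def lsl_sha1_string(src: str) -> str:
    """Model of llSHA1String as this page describes it: SHA-1 over the
    UTF-8 bytes of src, as 40 hex characters (hex case is not modelled)."""
    if "\x00" in src:
        raise ValueError("an LSL string cannot contain U+0000")
    return hashlib.sha1(src.encode("utf-8")).hexdigest()

def unreachable(data: bytes) -> list:
    """Byte values in data that cannot reach the hash as single raw
    bytes through a string argument: 0x00 and 0x80-0xFF."""
    return [b for b in data if b == 0x00 or b >= 0x80]

def hmac_outer_input(key: bytes, msg: bytes) -> bytes:
    """Exact bytes the second SHA-1 pass of HMAC-SHA1 (RFC 2104) hashes:
    (key XOR opad) followed by the 20 raw bytes of the inner digest."""
    if len(key) > 64:
        key = hashlib.sha1(key).digest()
    block = key.ljust(64, b"\x00")
    inner = hashlib.sha1(bytes(b ^ 0x36 for b in block) + msg).digest()
    return bytes(b ^ 0x5C for b in block) + inner

def string_only_hmac(key: bytes, msg: bytes) -> str:
    """Best case for a script: the inner digest is assumed correct, then
    each byte is mapped to the character with the same code point and
    the resulting string is hashed."""
    data = hmac_outer_input(key, msg)
    text = "".join(chr(b) for b in data if b != 0x00)  # U+0000 is dropped
    return lsl_sha1_string(text)

if __name__ == "__main__":
    key, msg = b"constructed-key", b"Hello, Avatar!"  # constructed sample input
    outer = hmac_outer_input(key, msg)
    print("U+0080 is hashed as bytes:", "\u0080".encode("utf-8").hex())
    print("bytes a string cannot carry:", len(unreachable(outer)), "of", len(outer))
    print("reference HMAC-SHA1:", hmac.new(key, msg, hashlib.sha1).hexdigest())
    print("string-only result :", string_only_hmac(key, msg))
```

The string-only result matches the reference only when the outer input happens to contain no 0x00 and no byte above 0x7F, which for a 20-byte digest is vanishingly rare.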

Examples

llSay(0, llSHA1String("Hello, Avatar!")); // returns 2E73318E547AF1B28CC0C96F95DDC9B1EE906B8D

Linux Example

$ echo -n 'Hello, Avatar!' | openssl sha1
2E73318E547AF1B28CC0C96F95DDC9B1EE906B8D

See Also

Functions

•  llMD5String
•  llSHA256String

Articles

•  SHA-1 (script implementation)

Deep Notes

Prior to this, the only way to get the SHA-1 hash was to use the LSL SHA-1 port: SHA-1

History

Signature

function string llSHA1String( string src );