Difference between revisions of "LlSHA1String"
m |
Rider Linden (talk | contribs) |
||
| (9 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
{{LSL_Function | {{LSL_Function | ||
| | |inject-1={{LSL Function/warning|Security|The SHA-1 hashing algorithm is considered broken but the attacks are largely still theoretical and not very practical. {{Wikipedia|SHA-1#Comparison_of_SHA_functions|Comparison of SHA functions}}}} | ||
|func_id=343|func_sleep=0.0|func_energy=10.0 | |func_id=343|func_sleep=0.0|func_energy=10.0 | ||
|func=llSHA1String|return_type=string|p1_type=string|p1_name=src | |func=llSHA1String|return_type=string|p1_type=string|p1_name=src | ||
|func_footnote | |func_footnote | ||
|func_desc | |func_desc | ||
|return_text=of 40 hex characters that is the {{Wikipedia| | |return_text=of 40 hex characters that is the {{Wikipedia|SHA-1|SHA-1}} security hash of {{LSLP|src}}. | ||
|spec=LSL strings are stored in the UTF-8 format. | |spec=LSL strings are stored in the UTF-8 format. | ||
|caveats | |caveats=There's no way to input a zero-byte value into this function, nor any byte value from 128-255, therefore it's currently broken for many purposes (like HMAC-SHA1). The reason is because LSL strings cannot have a unicode null character (U+0000) in them, and LSL has no escape code for the null character (many programming languages use \0 but LSL does not have this feature). llEscapeURL("%00") yields an empty string. As well, inside this function, each character with a Unicode integer value over U+0127 / 007F are dealt with in UTF-8 fashion: in the hex values, 0xC2 is appended to the byte value (hence 0x0080-0x00FF become 0xC280-0xC2FF inside the llSHA1String() routine). A JIRA has been filed for this. | ||
|constants | |constants | ||
|examples= | |examples= | ||
< | <source lang="lsl2"> | ||
llSay(0, llSHA1String("Hello, Avatar!")); // returns 2E73318E547AF1B28CC0C96F95DDC9B1EE906B8D | llSay(0, llSHA1String("Hello, Avatar!")); // returns 2E73318E547AF1B28CC0C96F95DDC9B1EE906B8D | ||
</ | </source> | ||
====Linux Example==== | ====Linux Example==== | ||
| Line 22: | Line 22: | ||
|also_functions= | |also_functions= | ||
{{LSL DefineRow||[[llMD5String]]}} | {{LSL DefineRow||[[llMD5String]]}} | ||
{{LSL DefineRow||[[llSHA256String]]}} | |||
|also_tests | |also_tests | ||
|also_events | |also_events | ||
|also_articles= | |also_articles= | ||
{{LSL DefineRow||[[ | {{LSL DefineRow||[[SHA-1]]}} | ||
|notes | |notes | ||
|deepnotes= | |deepnotes= | ||
Prior to this, the only way to get the | Prior to this, the only way to get the SHA-1 hash was to use the LSL SHA-1 port: [[SHA-1]] | ||
|history= | |history= | ||
*{{SVN|1291|rev=98903|trunk=*|anchor=file13|ver=1.21.5.97417|ser=1.24.9.98650}} Initial introduction. | *{{SVN|1291|rev=98903|trunk=*|anchor=file13|ver=1.21.5.97417|ser=1.24.9.98650}} Initial introduction. | ||
*{{SVN|1298|rev=99021|branch=OpenAL|ver=1.21.5.97417|ser=1.24.9.98650|path=branches/openal/indra/lscript/lscript_library/lscript_library.cpp}} Integration into OpenAL branch. | *{{SVN|1298|rev=99021|branch=OpenAL|ver=1.21.5.97417|ser=1.24.9.98650|path=branches/openal/indra/lscript/lscript_library/lscript_library.cpp}} | ||
Integration into OpenAL branch. | |||
* Date of Release [[ Release_Notes/Second_Life_Beta_Server/1.25#Server_Release_Notes.2C_Second_Life_Beta_Server_1.25.0 | 2008-10-31 ]] | |||
|cat1=Hash | |cat1=Hash | ||
|cat2=Encoding | |cat2=Encoding | ||
|cat3 | |cat3 | ||
|cat4 | |cat4 | ||
}}{{LSLC|Encryption|llSHA1String}} | }}{{LSLC{{#var:lang}}|Encryption|llSHA1String}} | ||
Revision as of 11:24, 16 September 2022
| LSL Portal | Functions | Events | Types | Operators | Constants | Flow Control | Script Library | Categorized Library | Tutorials |
|
Security Warning! |
|
The SHA-1 hashing algorithm is considered broken but the attacks are largely still theoretical and not very practical. |
Summary
Function: string llSHA1String( string src );| 343 | Function ID |
| 0.0 | Forced Delay |
| 10.0 | Energy |
Returns a string of 40 hex characters that is the 
SHA-1 security hash of src.
| • string | src |
Specification
LSL strings are stored in the UTF-8 format.
Caveats
There's no way to input a zero-byte value into this function, nor any byte value from 128-255, therefore it's currently broken for many purposes (like HMAC-SHA1). The reason is because LSL strings cannot have a unicode null character (U+0000) in them, and LSL has no escape code for the null character (many programming languages use \0 but LSL does not have this feature). llEscapeURL("%00") yields an empty string. As well, inside this function, each character with a Unicode integer value over U+0127 / 007F are dealt with in UTF-8 fashion: in the hex values, 0xC2 is appended to the byte value (hence 0x0080-0x00FF become 0xC280-0xC2FF inside the llSHA1String() routine). A JIRA has been filed for this.
Examples
llSay(0, llSHA1String("Hello, Avatar!")); // returns 2E73318E547AF1B28CC0C96F95DDC9B1EE906B8D
Linux Example
$ echo -n 'Hello, Avatar!' | openssl sha1 2E73318E547AF1B28CC0C96F95DDC9B1EE906B8D
See Also
Deep Notes
Prior to this, the only way to get the SHA-1 hash was to use the LSL SHA-1 port: SHA-1
History
SVN:1291 r98903 Trunk c:1.21.5.97417 s:1.24.9.98650Initial introduction.SVN:1298 r99021 Branch:OpenAL c:1.21.5.97417 s:1.24.9.98650
- Date of Release 2008-10-31
Search JIRA for related Issues
Signature |
|---|
function string llSHA1String( string src ); |