mIRC Home    About    Download    Register    News    Help

Print Thread
#35637 11/07/03 05:35 AM
Joined: May 2003
Posts: 730
S
ScatMan Offline OP
Hoopy frood
OP Offline
Hoopy frood
S
Joined: May 2003
Posts: 730
what does this identifier? how it works?


#35638 11/07/03 06:27 AM
Joined: Mar 2003
Posts: 54
J
Babel fish
Offline
Babel fish
J
Joined: Mar 2003
Posts: 54
I believe it returns something depending on the contents of a file. If the contents are modified, a different string will be returned by $crc. It can be used to check if a file has been altered.

#35639 11/07/03 06:38 AM
Joined: Jan 2003
Posts: 3,012
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
Cyclic Redundancy Check

You would use $crc to check to make sure a file has been copied correctly to a directory. i.e ftp server's usually use it to check that the file on your server is the same of that found on your computer.

here's an example

/testcrc {
/write -c mycrc.txt Hello there
/copy mycrc.txt mycrc2.txt
if ($crc(mycrc.txt) == $crc(mycrc2.txt)) /echo -a File copy successful
else /echo -a File copy failed
}



-KingTomato
#35640 11/07/03 07:45 AM
Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812
Would be nice if it accepted Text, %var, &binvar, and @window too.


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
#35641 11/07/03 09:56 AM
Joined: Jan 2003
Posts: 2,523
Q
Hoopy frood
Offline
Hoopy frood
Q
Joined: Jan 2003
Posts: 2,523
$md5() does all these (except the @window). Add this to the fact that, for large files, $md5 seems to be marginally faster than $crc and you don't need $crc at all.


/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
#35642 11/07/03 11:51 AM
Joined: May 2003
Posts: 730
S
ScatMan Offline OP
Hoopy frood
OP Offline
Hoopy frood
S
Joined: May 2003
Posts: 730
but how the $md5 and $crc works??
i don't understand

#35643 11/07/03 01:50 PM
Joined: Jan 2003
Posts: 2,523
Q
Hoopy frood
Offline
Hoopy frood
Q
Joined: Jan 2003
Posts: 2,523
If you mean "how does md5 calculate this unique value from a file/string?", the answer is beyond the scope of this post. It's a complex process, with LOTS of calculations etc. There is an md5 snippet on www.mircscripts.org (was written before $md5 was implemented in mirc), you can check it out and get an idea. I'm sure you can find plenty of info on the net though.

If you actually wanted to know why md5/crc are useful, read on, otherwise ignore the rest.

$md5 / $crc produce a unique string for any input you give them. In other words, no two different inputs can produce the same output. This means that you can use an md5/crc result as a unique ID, something like a fingerprint: no two people in the world have the same fingerprints. md5/crc are also irreversible, ie one-way: you cannot get the input from the output. These two features make md5/crc useful in two major fields:

1) passwords: instead of keeping a list of passwords, a bot (for example) can keep a list of their md5 values. When a user logs in to that bot, the bot would do a $md5(<password given by the user>) and check it against the md5 value it has stored in the password list. This way, the passwords are safe from anyone that could gain access to the password list, because you can't get the password from its md5 value.

2) file verification: say you download a file from the internet and you want to make sure it's not corrupted. Checking the file size isn't good enough (if, for example, the 3rd byte is different in two files, they have the same size but they are obviously different files). If the source (for example, the website that offers the file) gives you the md5 value of the file, you can compare this value with the value of the file you downloaded. If these values are the same, you can be sure that your file was downloaded fine (again, because no two different files can give the same md5)


/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
#35644 11/07/03 02:27 PM
Joined: Jul 2003
Posts: 46
V
Ameglian cow
Offline
Ameglian cow
V
Joined: Jul 2003
Posts: 46
ok, i say, set %pass.test $md5(blahblah)
returns cc5985ab3406f600b03a786c516fb09a
but i can't use it unless i enter the original $md5(blahblah)
such as this
$iif(%pass.test == $md5(blahblah),yes,no)

so how is this so secretive when if you simply looked where the user had to check whether $md5 was equal to
%pass.test

can you tell me what im missing here?

#35645 11/07/03 03:47 PM
Joined: Jan 2003
Posts: 2,523
Q
Hoopy frood
Offline
Hoopy frood
Q
Joined: Jan 2003
Posts: 2,523
md5 is good for login procedures. The security I'm talking about is more evident with an example.

Let's say I have a bot that keeps the user accounts in a ini file (accounts.ini), like this:

[users]
qwerty=6f1ed002ab5595859014ebf0951522d9
vexx0r=4eb20288afaed97e82bde371260db8d8
foo=2c23312e834c436c527bbdc30050843e

To log in to the bot, I'd type: /msg <botnick> login qwerty <mypassword>
To make sure it is me, the bot would have somewhere in the script:
Code:
on 1:text:login *:?:{
  if ($md5($3) == $readini(accounts.ini,users,$2)) {
    .notice $nick User $2 authenticated
    &lt;other commands&gt;
  }
  else {
    .notice $nick Invalid password for user $2
  }
}
This way, the actual passwords are not stored anywhere, so a malicious person who would gain access to my hard drive would have no way to find those passwords, neither by looking at accounts.ini, nor by looking at the script. Even if he obtained the md5 values, they would be useless to him.


/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com
#35646 11/07/03 09:39 PM
Joined: May 2003
Posts: 730
S
ScatMan Offline OP
Hoopy frood
OP Offline
Hoopy frood
S
Joined: May 2003
Posts: 730
aha, thanks
can u give me the url for the $md5 from mircscripts cuz i didn't find it there

#35647 11/07/03 09:46 PM
Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812
$md5 / $crc produce a unique string for any input you give them. In other words, no two different inputs can produce the same output. This means that you can use an md5/crc result as a unique ID, something like a fingerprint: no two people in the world have the same fingerprints.

I'm going to add to your post, only because some of your wording is misleading (unintentionally) on a technical level. I know you know this info already, it's for other readers.

The reason there are different "fingerprinting" methods, such as CRC16 CRC32 and MD5, is because these methods each have different levels of accuracy. No method can make a completely unique fingerprint without using some form of lossless compression (like ZIP files). Of corse, any lossless methods would produce a string much to large to be used conveniently.

CRC16 produces a 16bit (2 byte, 4 half-byte) "Check Sum" or "hash" of the input string. You may recall old DOS programs giving the error CHECKSUM ERROR: FE3C should be 2D2E, etc. This is because whatever data was checked for integrity came back with a different result. CRC16 has a 1 in 65536 chance of error.

CRC32 produces a value like CRC16, but it's 32bit (4 byte). It is still commonly used in most 32bit programs, because it conveniently fits in a 32bit variable. CRC32 has a strong 1 in 4294967296 (4 billion) chance of error. You will be hard pressed to find 2 like-sized files with identical CRC32 checksums.

MD5 produces a 128 bit (16 byte) hash based off a similar but different technique as CRC uses. The accuracy of an MD5 is a whopping 1 in 340282366920938463463374607431768211456 (that's 340 undecillion). I don't know if anyone has successfully produced 2 different files with a matching value yet.

As far as producing an MD5 hash from a password, the purpose here is to hide the actual password from prying eyes. In most cases, possessing the MD5 hash is of no use since it cannot be entered AS a password. It would also take over 2^128 (340 undecillion) cpu cycles to extract the original password (and then there's the possibility it's still incorrect).

- Raccoon


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
#35648 11/07/03 11:09 PM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
If you want to know it in a really simple explanation (for CRC), CRC uses a process of repeated polynomial division using a special CRC polynomial (the actual process of coming up with a CRC polynomial could fill a page of text so I'm not going into that here). Basically you take the given number, divide it by the CRC polynomial, then divide the remainder by the CRC polynomial and continue until the remainder is 0. If you want to know any more than that, get a good math book smile

#35649 11/07/03 11:41 PM
Joined: May 2003
Posts: 730
S
ScatMan Offline OP
Hoopy frood
OP Offline
Hoopy frood
S
Joined: May 2003
Posts: 730
ok

#35650 11/07/03 11:48 PM
Joined: Jan 2003
Posts: 3,012
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
yup, that definally surpasses my explination.. Even learned a few things. I was playing with sockets and downlaoding files and saw some websites sending a header with the file. It was (or appeared to be) an md5 hash, which i can now guess it was the "fingerprint" that after i downlaod can use to make sure i got the complete file >:D


-KingTomato
#35651 11/07/03 11:50 PM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
One note, while md5 itself may be virtually safe, the fact that the md5 of a file you downloaded matches the one on the website doesn't mean you're safe. If the hacker managed to hack the server and upload his own binary (which has a different md5) it seems pretty reasonable to assume he could have also changed the md5-checksums.html as well to match the ones in his hacked version of the binary.

#35652 11/07/03 11:51 PM
Joined: Jan 2003
Posts: 3,012
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
I wasn't referring to authenticty, but more completness of the download.


-KingTomato
#35653 11/07/03 11:52 PM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
Yeah I know, but since md5 is very commonly used to check for hacked files, I just figured I'd point that out.

#35654 11/07/03 11:54 PM
Joined: Jan 2003
Posts: 3,012
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
Thank you just the same >:D


-KingTomato

Link Copied to Clipboard