search

wisepythagoras / pyrin

A [fairly slow and] secure 512-bit one way cryptographic hash function.
GNU Lesser General Public License v3.0
1 stars 0 forks source link

Flaw when hashing emojis. #1

Open ghost opened 7 years ago

ghost commented 7 years ago

image image

Emojis get this magnificent effect.

toHex(pyrin("😀"))
"d8b6defaab158498308a86e213ae30deba86915ade4af5546c9e2f34401ecb160624aabf2ff13cdb3a07bd7a407c786418a93cfbde27f1a58719d1d8bfe7bf9ed9d1"
toHex(pyrin("😭 😓 😪 😴 🙄 🤔 🤥 😬 🤐 🤢 🤧 😷 🤒 🤕 😈 👿 👹 👺 💩 "))
"d815de834fd86dde3b39d87ade510dd8e3de4eb3d80dde444ad83eddbf81d8a6dd8105d8fbdee4c9d8e4ddb247d8f8dda9f7d859dd27fbd8c3dea3b2d894dd165bd890dda7f2d822ded583d866dc5d10d80cdcc29ad86fdc10b9d847dccff826c5104e58e129"

Most emojis have a char code of [much] larger than 255.

"😀".charCodeAt(0)
55357
"a".charCodeAt(0)
97
  1. The code space of the resulted hash should be 0-255
  2. Every input should result in a 512-bit/128-byte output.
ghost commented 7 years ago

Apparently in C, the emojis have a length of 4.

#include <stdio.h>
#include <string.h>

// Outputs: strlen('😀') = 4
int main(void) {
    char *emoji = "😀";
    printf("strlen('😀') = %i\n", strlen(emoji));
    return 0;
}

https://ideone.com/oCDK32