LiveCode Forums

Hello, everyone!

I have a current project that requires posting of an SHA512 hash of specified data to a particular web service. My question is not how the actual posting is done--I'm fine with that. What I do not know is how to create the SHA512 hash of the data.

I read another thread regarding this using libraries, but I have no idea how to use those libraries to achieve my hash out of Livecode.

If anyone could tell me where to start, generalize the process, or provide detailed instructions, I would be grateful.

Thank you for your help, and if you need more info, please let me know.

Christopher

I was going to suggest looking at the late Mark Smith's libhash-HMAC library http://marksmith.on-rev.com/revstuff/ but I see that caters for SHA256 but not SHA512. I don't know how complicated it would be to work through the SHA512 algorithm and either update or recode a SHA512 algo in LiveCode.
There is a helpful site here http://www.movable-type.co.uk/scripts/sha512.html with the SHA512 algorithm enabled in javascript, source code here cdn.rawgit.com/chrisveness/crypto/4e93a4d/sha512.js with some links to other more "production type" crypto libraries in javascript.
It might be possible to use a browser widget to leverage the javascript and return the hash. I would love to get into this a bit deeper but not likely to have a chance for a good while, but I hope this is at least better than a "nope, can't help" or stony silence.

(PS, Mark Smith's library needs a tweak or two to change/comment out a handler since sha1digest is now a reserved word in recent versions of LC.)

SparkOut,

Thank you so much for taking the time to respond. I really do appreciate it.

Is it my correct understanding that iOS developers (and Android, for that matter?) have the ability to do this directly in the Xcode IDE (or whatever is being used for Android)?

I think I understand your mention of implementing the .js on a secure server (mine), but I don't think my savvy patron on this project would take kindly to sending out data to be hashed to be read back in. This project is like a "let's give Livecode a chance on a hardline production job..."

It's a simple app, I can create the strings to hash, i just can't implement an SHA512 directly from the IDE... a combined app bundle with library would be ideal but I am lost and he's looking for a status report tomorrow morning.

I may lose this one, which would be a shame, for my faith in Livecode...

Again, many thanks, and if you have more nuggets of wisdom for this...

Christopher

SHA2 and SHA3 are in development by the engine team right now, targeting inclusion in v9.

Thank you, Richard, for the reassurance. I do appreciate it!

I meant above that it might be a possibility to use the javascript file as a local resource on the device and access it by leveraging a browser widget. I haven't had a chance to "paint-along", but I have seen a few threads discussing methods of communicating between browser scripts and livecode and I wondered if it might be possible to achieve the requirement that way.
If it is in development for native functionality, then that is great news.

Many thanks to SparkOut and Richard for their help.

What I managed to find is this simple (for me) solution.

1) Create the string in Livecode to send to a php page hosted on my server. Example:
then do with tResult what you need to do...

2) Create a simple-simple-simple php page with the following:
3) Because hashing is supported natively by PHP, I post the arguments from my Livecode fields to the url of the php page.

4) Once posted, the result is put into "it" to do with what I please.

This seems to work.

If anyone needs more info, let me know.

Great that this will be available from within Livecode in 9 (hopefully).

Thanks, again, SparkOut and Richard! I also want to thank Devin Assay for the invaluable info available from his BYU course resources.

I hope this helps anyone else looking for this functionality in a simple solution.

FWIW there's been some great progress on a new messageDigest function for LiveCode Script which will support SHA2 and SHA3 in addition to MD5 and SHA1. It's in review now, and may be available as early as v9 DP7 - you can follow the progress on this at Github:
https://github.com/livecode/livecode/pull/5229

released today lc9 dp7 with new SHA 2 and 3

Is there any documentation on how to produce a SHA512 hash? I just did a search in the dictionary LC9 dp9, and the only function that pops up is sha1digest. Thanks!

I believe you'll find the new hash options as param constants for the new messageDigest function.

FourthWorld wrote: ↑

Wed Oct 11, 2017 7:15 pm

I believe you'll find the new hash options as param constants for the new messageDigest function.

Thanks Richard!

hi everyone,

Since this Topic is about hashing...

I wonder how can one deals with the following situation:
A users installs "my App" on 2 distinct devices (like 1 pc and 1 Android ) and want to access its own account :

- How can the second device uses the same salted password to login into his account ?
login on boh devices simultaneously or not...

If at creation time the Salt function uses a "string" stored somewhere on Device1 for future login needs.
Doesnt the Salt need to use the same "ref String" on the second device too ?
...or else how could the PW checking be sucessful.
(2 dif Salted PW produced on each device...)


How could one possibly resolve the PW (sync) on a single user´s own devices (1,2,3...)

Hi Teriibi,

you could use the salted hash on as many devices you want.
You could then use a single pasword for anyone who uses it, if it's a tiny group of users.
Or you could retrieve the encoded password from your DB according to the username the user types in.
If the typed in password is then the same as the encrypted and retrieved password give access.

Is the account being accessed on a server?