Author | Message | Time |
---|---|---|
iNsAnE-MS | Is there somewhere or some way I can find out how battle.net's modified SHA-1 is different from the original? | October 14, 2003, 5:07 AM |
Moonshine | Look at how a bot's SHA-1 hashing function works, then look at the FIPS 180-1 (The real SHA-1 Standard), which is available here: http://www.itl.nist.gov/fipspubs/fip180-1.htm | October 14, 2003, 5:21 AM |
Adron | Basically they mixed up the operands to the bit shifting/rotating functions. Instead of rotating X by Y, they rotate Y by X (for example, instead of rotating 0xbaaaad00 7 steps to the right, making 0175555A, they rotate 0x00000007 0xbaaaad00 steps to the right, making 0x00000007). You should notice that this most probably greatly reduces the security of the algorithm. | October 15, 2003, 10:42 PM |
c0ol | [quote author=Adron link=board=17;threadid=3088;start=0#msg24299 date=1066257738] You should notice that this most probably greatly reduces the security of the algorithm. [/quote] Do you have any idea why this was done? | October 22, 2003, 1:03 AM |
iago | [quote author=c0ol link=board=17;threadid=3088;start=0#msg24929 date=1066784608] [quote author=Adron link=board=17;threadid=3088;start=0#msg24299 date=1066257738] You should notice that this most probably greatly reduces the security of the algorithm. [/quote] Do you have any idea why this was done? [/quote] To make it harder to guess, I would imagine, so people can't just use an out-of-the-box SHA-1 algorithm | October 22, 2003, 4:16 AM |
Yoni | Maybe they did it by mistake, which would be typical of Blizzard... (Although now that I think of it, not so typical of the "old" Blizzard programmers who wrote this code to begin with.) Nobody really knows why. | October 22, 2003, 6:48 AM |
Adron | If they had a macro with two arguments to do the actual rotate, and the arguments weren't named properly, rotating the wrong thing would be an easy mistake to make. And you wouldn't notice it unless you either checked the output with a reference implementation or carefully traced the code and checked the intermediate values. Both generate a random-looking output. | October 22, 2003, 7:59 AM |
c0ol | well if they wanted to use the standard SHA-1, wouldn't they just use a premade function? | October 22, 2003, 10:01 PM |
Skywing | [quote author=c0ol link=board=17;threadid=3088;start=0#msg25065 date=1066860061] well if they wanted to use the standard SHA-1, wouldn't they just use a premade function? [/quote] Blizzard's had a long history of insisting on doing things "the hard way" by reinventing the wheel. They've also had a long history of reinventing the wheel incorrectly, as in this case. | October 22, 2003, 10:24 PM |
iago | [quote author=Skywing link=board=17;threadid=3088;start=0#msg25073 date=1066861495] [quote author=c0ol link=board=17;threadid=3088;start=0#msg25065 date=1066860061] well if they wanted to use the standard SHA-1, wouldn't they just use a premade function? [/quote] Blizzard's had a long history of insisting on doing things "the hard way" by reinventing the wheel. They've also had a long history of reinventing the wheel incorrectly, as in this case. [/quote] Don't forget, they design their stuff to be platform-independant, so they'll often write their own to make sure it runs the same. Not that that's an excuse for doing it the hard way, but eh? :) | October 22, 2003, 10:31 PM |
Kp | [quote author=Yoni link=board=17;threadid=3088;start=0#msg24981 date=1066805330] Maybe they did it by mistake, which would be typical of Blizzard... (Although now that I think of it, not so typical of the "old" Blizzard programmers who wrote this code to begin with.) Nobody really knows why.[/quote]Actually, silly typo related mistakes abound in the old Blizzard code. Diablo is a great example of this; to this day, the spell Flash does incorrect damage because someone typed '2' instead of '20' in one of the equations, and they refuse to fix it even though people have told them exactly where the flaw is. Similarly, many perfectly functional bosses fail to appear because of mistakes in entering the appropriate dungeon level. | October 22, 2003, 10:34 PM |
Skywing | [quote author=iago link=board=17;threadid=3088;start=0#msg25074 date=1066861869] [quote author=Skywing link=board=17;threadid=3088;start=0#msg25073 date=1066861495] [quote author=c0ol link=board=17;threadid=3088;start=0#msg25065 date=1066860061] well if they wanted to use the standard SHA-1, wouldn't they just use a premade function? [/quote] Blizzard's had a long history of insisting on doing things "the hard way" by reinventing the wheel. They've also had a long history of reinventing the wheel incorrectly, as in this case. [/quote] Don't forget, they design their stuff to be platform-independant, so they'll often write their own to make sure it runs the same. Not that that's an excuse for doing it the hard way, but eh? :) [/quote] Virtually all of these things had free implementations available that are much more portable than Blizzard's. Oh, and don't forget their broken UTF-8 processing (violates standard and introduces security holes by processing redundant encodings). | October 22, 2003, 10:34 PM |
St0rm.iD | How about the fact that I log on with Brood War using 0x07? | October 23, 2003, 12:26 AM |
Skywing | [quote author=St0rm.iD link=board=17;threadid=3088;start=0#msg25106 date=1066868764] How about the fact that I log on with Brood War using 0x07? [/quote] That's being lazy, which is something completely different. Someone who is lazy would probably not want to spend so much time writing things already written. | October 23, 2003, 3:40 AM |