"Finite Field Arithmetic." Chapter 20B: Support for Selected Ancient Hash Algos in "Litmus."

This article is part of a series of hands-on tutorials introducing FFA, or the Finite Field Arithmetic library. FFA differs from the typical "Open Sores" abomination, in that -- rather than trusting the author blindly with their lives -- prospective users are expected to read and fully understand every single line. In exactly the same manner that you would understand and pack your own parachute. The reader will assemble and test a working FFA with his own hands, and at the same time grasp the purpose of each moving part therein.

You will need:

Add the above vpatches and seals to your V-set, and press to ffa_ch20b_litmus_legacy_hashes.kv.vpatch.

As of Chapter 20B, the versions of Peh and FFA are 250 and 253, respectively. FFA and Peh themselves have not changed from Chapter 19.

Compile Peh:

cd ffacalc
gprbuild

... and install it to a path visible in your shell (e.g. /usr/bin.)


In the course of experimenting with the subject of the previous Chapter, I found that a number of current and past Vtronicists had misconfigured their GPG, and emit suboptimal signatures (i.e. not SHA-512, the strongest of the ancient hashes supported by that utility). And so I added support for these. (Litmus will emit a warning if such a signature is encountered.)

The following routine has been added to Litmus:


litmus.sh:

# If Sig was made with an unsupported hash algo:
eggog_unsupported_hash() {
    algo=$1
    echo "This sig uses an unsupported Digest Algo: $1 !" >&2
    exit $RET_EGGOG
}
 
.......
 
# Warnings:
achtung() {
    echo "WARNING: $1" >&2
}
 
.......
 
# Digest Algo (only certain hash algos are supported)
get_sig_bytes 1
turd+=$r
hex_to_int
sig_digest_algo=$r
 
# If hash algo is supported, get ASN turd and MD_LEN; and if not, eggog:
case $sig_digest_algo in
    1)  ## MD5 -- NOT SUPPORTED ##
        eggog_unsupported_hash "MD5"
        ;;
 
    2)  ## SHA1 ##
        achtung "This sig was made with SHA-1, which is cheaply breakable!"
        achtung "Please contact the signer ($pubkey_owner) !"
        HASHER="shasum -a 1 -b"
        ASN="3021300906052b0e03021a05000414"
        MD_LEN=20
        ;;
 
    3)  ## RIPE-MD/160 -- NOT SUPPORTED ##
        eggog_unsupported_hash "RIPE-MD/160"
        ;;
 
    8)  ## SHA256 ##
        achtung "This sig was made with SHA-256; GPG supports SHA-512."
        achtung "Please contact the signer ($pubkey_owner) !"
        HASHER="shasum -a 256 -b"
        ASN="3031300d060960864801650304020105000420"
        MD_LEN=32
        ;;
 
    9)  ## SHA384 ##
        achtung "This sig was made with SHA-384; GPG supports SHA-512."
        achtung "Please contact the signer ($pubkey_owner) !"
        HASHER="shasum -a 384 -b"
        ASN="3041300d060960864801650304020205000430"
        MD_LEN=48
        ;;
 
    10) ## SHA512 ##
        HASHER="shasum -a 512 -b"
        ASN="3051300D060960864801650304020305000440"
        MD_LEN=64 # 512 / 8 == 64 bytes
        ;;
 
    11) ## SHA224 ##
        achtung "This sig was made with SHA-224; GPG supports SHA-512."
        achtung "Please contact the signer ($pubkey_owner) !"
        HASHER="shasum -a 224 -b"
        ASN="302D300d06096086480165030402040500041C"
        MD_LEN=28
        ;;
 
    *)  ## Unknown Digest Type ##
        eggog_unsupported_hash "UNKNOWN (type $sig_digest_algo)"
        ;;
esac
 
# Calculate length (bytes) of the ASN turd for the digest used in the sig:
ASN_LEN=$((${#ASN} / 2))
 
.......
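
Each ASN string in the case statement above is a DER DigestInfo header: its final byte is the OCTET STRING length and must equal MD_LEN, and its second byte must equal the rest of the header plus the digest. The following is an added sanity check, not part of litmus.sh (the function names byte_at, check_asn and check_litmus_table are hypothetical), which walks each header and confirms its length fields agree with the table:

```shell
# Added example; not part of litmus.sh. Function names are hypothetical.

# byte_at HEX I : print the I-th byte (0-based) of HEX in decimal, or -1.
byte_at() {
    h=$(printf '%s' "$1" | cut -c "$(( $2 * 2 + 1 ))-$(( $2 * 2 + 2 ))")
    case $h in
        [0-9a-fA-F][0-9a-fA-F]) echo $(( 0x$h )) ;;
        *) echo -1 ;;
    esac
}

# check_asn HEX MD_LEN : 0 if HEX is a DER DigestInfo header
#   SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING (MD_LEN bytes follow) }
# whose length fields agree with MD_LEN; a distinct nonzero code otherwise.
check_asn() {
    asn=$1; md_len=$2
    asn_len=$(( ${#asn} / 2 ))
    [ "$(byte_at "$asn" 0)" -eq 48 ] || return 1      # 0x30: outer SEQUENCE
    # Outer length covers the rest of the header plus the digest itself:
    [ "$(byte_at "$asn" 1)" -eq $(( asn_len - 2 + md_len )) ] || return 2
    [ "$(byte_at "$asn" 2)" -eq 48 ] || return 3      # 0x30: AlgorithmIdentifier
    alg_len=$(byte_at "$asn" 3)
    [ "$(byte_at "$asn" 4)" -eq 6 ] || return 4       # 0x06: OID
    oid_len=$(byte_at "$asn" 5)
    # AlgorithmIdentifier body = OID header (2) + OID + NULL (2):
    [ "$alg_len" -eq $(( oid_len + 4 )) ] || return 5
    p=$(( 6 + oid_len ))                              # first byte after the OID
    [ "$(byte_at "$asn" "$p")" -eq 5 ] || return 6            # 0x05: NULL tag
    [ "$(byte_at "$asn" $(( p + 1 )))" -eq 0 ] || return 6    # NULL length 0
    [ "$(byte_at "$asn" $(( p + 2 )))" -eq 4 ] || return 7    # 0x04: OCTET STRING
    [ "$(byte_at "$asn" $(( p + 3 )))" -eq "$md_len" ] || return 8
    [ $(( p + 4 )) -eq "$asn_len" ] || return 9       # nothing trailing
}

# The (ASN, MD_LEN) pairs from the case statement above, checked in one pass.
check_litmus_table() {
    while read -r a l; do
        check_asn "$a" "$l" || return 1
    done <<'EOF'
3021300906052b0e03021a05000414 20
3031300d060960864801650304020105000420 32
3041300d060960864801650304020205000430 48
3051300D060960864801650304020305000440 64
302D300d06096086480165030402040500041C 28
EOF
}
```

A nonzero return from check_litmus_table means some ASN/MD_LEN pair was mistyped, in which case the expected padded message built from it could never match a genuine signature.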


To test, for instance, verification of SHA-1 signatures (please stop using SHA-1, people! see e.g. here), download this Litmus-converted GPG public key of former contributor Diana Coman, and verify her signature of Chapter 1:

./litmus.sh diana_coman.peh ffa_ch1_genesis.kv.vpatch.diana_coman.sig ffa_ch1_genesis.kv.vpatch

... which will yield the output:

WARNING: This sig was made with SHA-1, which is cheaply breakable!
WARNING: Please contact the signer (Diana Coman <office@dianacoman.com>) !
VALID GPG RSA signature from Diana Coman <office@dianacoman.com>


~To be continued!~

This entry was written by Stanislav, posted on Tuesday January 07 2020, filed under Ada, Bitcoin, Cold Air, Computation, Cryptography, FFA, Friends, Mathematics, SoftwareArchaeology, SoftwareSucks, VTronics.

3 Responses to “"Finite Field Arithmetic." Chapter 20B: Support for Selected Ancient Hash Algos in "Litmus."”

    • Stanislav says:

      Dear shinohai,

      The first link seems to be broken?

      Yours,
      -S

      • shinohai says:

        Anywho, sig for chapter 20b:

