Monday, January 23, 2006

ActionScript 3 MD5 and SHA1

I've taken the time to convert a publicly available JavaScript MD5 and SHA1 API to AS3.

MD5.encrypt ("password");
SHA1.encrypt ("password");

Not thoroughly tested but it seems to have worked in tha applications I have been building.

MD5.zip
SHA1.zip

>Paj's Home: Cryptography: JavaScript MD5

47 Comments:

At 8:54 PM, Blogger knvb1123 said...

Thanks a lot for porting it.
There are other huge SHA-1, MD2, MD5, and a LOT of other crap that some people really don't need. Yours is the easiest so far to use. I got it to run successfully in about 2 minutes after building the com/gsolo/encryption structure and setting my project to Actionscript 3.

For instance the crypt library here:
http://crypto.hurlant.com/

I mean it's feature filled and everything. BUT I couldn't get it to work with my app within 30 minutes. Yours is the best for me right now. Keep up the great work.

 
At 4:33 PM, Anonymous Chester McLaughlin said...

Thanks! These two packages worked great for me once I remember they have to be in the same folder structure as the package path.

com/gsolo/encryption/sha1.as
com/gsolo/encryption/md5.as

DUH! Back to basics...

Also, when I used these packages in Flex, I got a warning on lines 79 and 139.

"1112: Array(x) behaves the same as new Array(x). To cast a value to type Array use the expression x as Array instead of Array(x)."

I simply added the "new" keyword (like it suggests) and the warning went away.

I also tried to get the hurlant crypto library to work, but the MD5 and SHA1 hashes it produced didn't match ANY other hashes I generated anywhere else.

Thanks again for a great tool!

 
At 5:41 AM, Blogger Toiletfreak said...

Sorry, but how do I use your function in my Actionscript file? I get a function undefined error...and I saved the .as in the same directory as the Flash file...please help!

 
At 9:22 AM, Blogger Geoffrey Williams said...

You want to save the file in the ./com/gsolo/encryption/ directory relative your Flash file. Then import it using import com.gsolo.encryption.MD5.

 
At 11:20 AM, Anonymous Anonymous said...

Hi there, great work in porting these 2 scripts into AS3 packages, it works really nice.

But one thing is still poping up in the compiler errors.

MD5.as, line 222 - Warning: 3596: Duplicate variable definition.

Any solution for this one? the code still works fine even with this warning, but would be great to have it 100% error free :P

Thanx again

 
At 12:03 PM, Blogger Geoffrey Williams said...

Ya, these scripts were created way back in early betas where a couple of things have since changed with AS3 and FlexBuilder. I may get around to updating them one of these days.

For the specific warning, I'm not 100% sure where it is coming from as line 222 seems to be just a comment. The warning comes up when you do something like this tho:

var i : int = 0;
var i : int = 1;

If you could scan the code where it says the issue is, you may be able to solve it just by removing the second instance of 'var'.

 
At 10:50 AM, Blogger Toiletfreak said...

Thanks!! It works great! =) A question: Is your class released under any BSD / GNU license? Thanks!

 
At 10:41 AM, Anonymous Airton said...

Hello.

Like Chester, I've had:

"Array(x) behaves the same as new Array(x). To cast a value to type Array use the expression x as Array instead of Array(x)."

But I haven't understood where to add the "new" keyword like he's suggested.

Could you help me please?

Thanks a lot.

 
At 11:58 AM, Anonymous Anonymous said...

I believe BSD license covers it.

 
At 12:02 PM, Blogger Geoffrey Williams said...

I'm not sure that the Array(x) issue is related directly to these classes. From what I can tell, they all use the new keyword appropriately. Is Flex giving you a line number?

 
At 6:43 PM, Anonymous Paul said...

If I want to get an MD5 for a file as opposed to a string, how do I go about it?

 
At 9:34 AM, Anonymous Anonymous said...

Hmmm... I would think that you could load that file into a variable and or ByteArray and then do the calculation based on that.

HTH

 
At 7:57 AM, Blogger Tomas said...

ok, so i have no idea what are the odds of this, but i've actually found out (by a complete accident) that the MD5 doesn't work correct in very special cases ...

try running this code:

var s:String = "36d134567a95b44c";
s += "6d61ba9ec77d53dd";
s += "c71bd537e4e4eb21";
s += "288aaf1b0e497c52";
s += "36d134567a95b44c";
s += "6d61ba9ec77d53dd";

var test = MD5.encrypt(s);
trace( test + ' ' + (test == "8cb9009484b129c9d958e0d1bed3e3d4") + ' ' + test.length )

apparrently, when the result md5 hash contains consecutive zeroes, it is not handled properly ...

the original code from secureplay.com works just fine, so you guys must have made some kind of small mistake when converting their as1 code into as2

 
At 11:42 AM, Anonymous Anonymous said...

I need to use the SHA-1 to convert a hash for me but I don't know where to start with this. I do all my actionscript in flash rather than loading classes as2 style, can someone give me a quick guide as to how to use this??

 
At 7:28 PM, Blogger Geoffrey Williams said...

RE: MD5 doesn't work correct in very special cases

Could you confirm the output you're expecting to see. I get the following when I run it:

8cb9009484b129c9d958e0d1bed3e3d4 true 32

RE: SHA in Flash

Put the file under 'mydir/com/gsolo/encryption' Where mydir is the directory of the flash file you are working with. Then just import it and use it:

import com.gsolo.encryption.SHA1;

trace (SHA1.encrypt ("password"));

 
At 9:16 AM, Anonymous Maurits said...

RE: MD5 doesn't work correct in very special cases

I ran the described test in AS3 flash 9:

Result:
8cb9009484b129c9d958e0d1bed3e3d4 true 32

In agreement with Geoffrey Williams' result.

In addition I checked it in PHP with the following code:


/*md5 test*/
$str = "36d134567a95b44c";
$str .= "6d61ba9ec77d53dd";
$str .= "c71bd537e4e4eb21";
$str .= "288aaf1b0e497c52";
$str .= "36d134567a95b44c";
$str .= "6d61ba9ec77d53dd";
$test = md5($str);

echo $test . ' ' . ($test == "8cb9009484b129c9d958e0d1bed3e3d4") . ' ' . strlen($test);


result:
8cb9009484b129c9d958e0d1bed3e3d4 1 32
if you verify this back in AS3 the result is exactly the same.

Tomas, could you please publish your test results?

grtz,

Maurits

 
At 12:22 PM, Blogger cisnky said...

How do I decrypt something that has been encrypted with this library?

 
At 1:34 PM, Anonymous Anonymous said...

MD5 and SHA1 are one way only. You cannot decrypt the result.

 
At 1:41 PM, Blogger cisnky said...

Yeah, just realised. Looking at TwoFish.

Thanks.

 
At 3:29 PM, Blogger Feldin said...

For those of you hwo gets this error:
Warning: 3596: Duplicate variable definition...

you should change lines 228 and 229 so they would be like this:

for(var j:Number = 0; j < input.length * 8; j += 8)

output[j>>5] |= (input.charCodeAt(j / 8) & 0xFF) << (j%32);

at least it solved the problem for me.

 
At 2:21 AM, Anonymous Tanmay Patel said...

Thnx Mate :)

 
At 10:43 PM, Anonymous Max said...

That's cool, thanks alot!!

 
At 3:22 PM, Anonymous Sotta said...

@feldin

best solution is to just remove the var keyword from the second loop.

since you're setting it to 0, there's no problem, and since you use the same variable (i) you end up using a few less bytes of memory =P

 
At 5:36 PM, Anonymous superddr said...

thanks for sharing,your post is the first on the google results.congratulations!

 
At 11:19 PM, Anonymous Jeremy Glover said...

Thanks for the great code. It works really well and is easy to use!

 
At 6:28 PM, Anonymous brian said...

Thanks duder! This is rad and utterly useful.

 
At 1:48 PM, Blogger suma gowda said...

Thank You! :-)

 
At 4:26 PM, Anonymous mankko said...

Nice one. Thanx.

 
At 11:14 PM, Blogger Ben said...

any idea why i would receive this error?

1061: Call to a possibly undefined method encrypt through a reference with static type Class.

I imported everything with the whole root (com/...) thanks, any help is appreciated

 
At 9:23 AM, Anonymous Fun-Creative said...

Thanks a lot

 
At 1:08 AM, Anonymous Anonymous said...

thanks...

 
At 2:03 AM, Anonymous Gurpreet Singh said...

Thanks for the script!

Re: any idea why i would receive this error?

You should use it like
MD5.encrypt (with class name 'MD5' not object) as encyprt is static function.

 
At 12:24 PM, Anonymous Anonymous said...

_Many_ thanks! This is _exactly_ what I needed, and saves me fiddling around with porting my C code over.

 
At 9:57 AM, Blogger tretiy3 said...

It doesn`t work man.

python:

>>> test = md5.md5("this is a test")
>>> print test.hexdigest()
54b0c58c7ce9f2a8b551351102ee0938

AS3:

trace("test");
trace(MD5.encrypt("this is a test"));

test
aaa0bf3ddf38b4a318ea48cb62ba37c8

 
At 8:40 AM, Anonymous Anonymous said...

Hello,
the script is working properly! but I have a question, how do I set the output to be in Base64 not hex?

 
At 3:05 AM, Anonymous theme said...

useful code figured id sum up the minor bug fixes for ppl using flash cs4 as3 md5
simply put the lines with the array errors needed a "new " added in front of it ex: "Array(16)" becomes "new Array(16)"
as far as the duplicate variables you just need to remove the var and the type of variable ex: "var i:number" would become "i"
so the line 228 error about the duplicate variables would become:

for(i = 0; i < input.length * 8; i += 8)

 
At 6:21 PM, Blogger Cato Paus said...

Do you know how to tweak it to PostgreSQL md5?

 
At 7:16 PM, Anonymous FletcherMundungus said...

Wonderful lib ! I spent hours trying to set up some hypercomplex as3 crypto lib to work with php, and yours worked from the first go. Thanks a million !!

 
At 2:00 PM, Blogger Petersan said...

Thank you!

 
At 1:53 AM, Blogger camilogc2 said...

thanks!!!!!!!!!!!!!!!!

 
At 4:08 PM, Anonymous Spanish Joe said...

Dude this is awesome. Thanks for saving a bunch of my time by writing this up!

 
At 9:49 PM, Anonymous Anonymous said...

Thanks for the port! Included just what I needed without all the extras that other packages include.

Integrated and tested it within a minute or two.

 
At 7:52 PM, Anonymous Anonymous said...

Thanks a lot! :D

I used this ".as" in my project and worked like a charm!...

SHA1.encrypt(SHA1.encrypt(user.text+pass.text));

Secure enough for me! :)

 
At 5:21 PM, Blogger lostoceansoul said...

Thanks. It is simple and works great!

 
At 7:58 AM, Anonymous Olivier said...

Thanx a lot.

 
At 5:00 PM, Anonymous Anonymous said...

Thank you very much!

 
At 6:51 AM, Anonymous Anonymous said...

Good work, man, 10x for sharing.

 

Post a Comment

<< Home