Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #38000 > unrolled thread

Need some help confirming transactions using sha256

Started bykryptox.exchange@gmail.com
First post2013-01-31 08:43 -0800
Last post2013-02-01 15:34 +0100
Articles 5 — 3 participants

Back to article view | Back to comp.lang.python

Contents

  Need some help confirming transactions using sha256 kryptox.exchange@gmail.com - 2013-01-31 08:43 -0800
    Re: Need some help confirming transactions using sha256 kryptox.exchange@gmail.com - 2013-01-31 09:30 -0800
    Re: Need some help confirming transactions using sha256 Peter Pearson <ppearson@nowhere.invalid> - 2013-01-31 17:55 +0000
      Re: Need some help confirming transactions using sha256 kryptox.exchange@gmail.com - 2013-01-31 10:44 -0800
      Re: Need some help confirming transactions using sha256 Christian Heimes <christian@python.org> - 2013-02-01 15:34 +0100

#38000 — Need some help confirming transactions using sha256

Fromkryptox.exchange@gmail.com
Date2013-01-31 08:43 -0800
SubjectNeed some help confirming transactions using sha256
Message-ID<21037ba0-57e5-4e44-8d50-6503a1187492@googlegroups.com>
I'm wondering if anyone can help me as I can't seem to get this to work. There is an online dice game that is provably fair by calculating the 'dice roll' using using a sha256 hash calculated against my transaction ID generated by me. The secret used to make the calculation is revealed at the end of each day thus allowing you to prove they didn't cheat. So they provide the following to allow you to verify the calculation of the dice roll:

Secret used = r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA
Secret hash sha256(r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA) = 48d78d573b9b8e11a13a72d9a78011f2e5d9754d89de47b209f32c51777f535d
Lucky hash sha256(r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA:108128 06653842663997bf5971637f86f26c71a4716276d7fa8f323a83588d91:1) = dfa8769be81a543002865c88a5b52fa07f3b67fc7cd9b519c3f6a6452bcd48e4

Lucky Number 0x48e4 = 18660


So, I'm doing the following:

C:\Python27>python
Python 2.7.3 (default, Apr 10 2012, 23:24:47) [MSC v.1500 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib, hmac
>>> txid = 'r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA'
>>> secret = '10812806653842663997bf5971637f86f26c71a4716276d7fa8f323a83588d91:1'
>>> for nout in range(10): print nout, int(hmac.new(secret, "%s:%d" % (txid, nout), hashlib.sha256).hexdigest()[:4], 16)
...
0 39800
1 4705
2 24058
3 11188
4 36307
5 781
6 62165
7 44612
8 17042
9 46099
>>>

idx 1 should equal 18660 but it doesn't. What am I doing wrong?


Secondly, I'm wondering if someone could help take it one step further. I would like to import a .txt file with a unique transaction ID on each line. So txid = transactions.txt or something like this. I would like it to get the "lucky number" based on a static sha256 which I would supply and the script would output the result to a text file. I'd like the output to be for idx 1 only.

ie.
"txid here", "lucky number for idx 1"

Thanks for any help in advance!
	
Edit/Delete Message

[toc] | [next] | [standalone]

#38002

Fromkryptox.exchange@gmail.com
Date2013-01-31 09:30 -0800
Message-ID<86472650-e712-4fc4-9ca5-0a6b96229210@googlegroups.com>
In reply to#38000
Ok, I'm still stuck! :(

I do however now think that I'm not supposed to use hmac here.

[toc] | [prev] | [next] | [standalone]

#38005

FromPeter Pearson <ppearson@nowhere.invalid>
Date2013-01-31 17:55 +0000
Message-ID<amvpfoF7s8gU1@mid.individual.net>
In reply to#38000
On Thu, 31 Jan 2013 08:43:03 -0800 (PST), kryptox.exchange@gmail.com wrote:

> I'm wondering if anyone can help me as I can't seem to get
> this to work. There is an online dice game that is
> provably fair by calculating the 'dice roll' using using a
> sha256 hash calculated against my transaction ID generated
> by me. The secret used to make the calculation is revealed
> at the end of each day thus allowing you to prove they
> didn't cheat. So they provide the following to allow you
> to verify the calculation of the dice roll:
>
> Secret used = r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA
> Secret hash sha256(r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA) = 48d78d573b9b8e11a13a72d9a78011f2e5d9754d89de47b209f32c51777f535d
> Lucky hash sha256(r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA:108128 06653842663997bf5971637f86f26c71a4716276d7fa8f323a83588d91:1) = dfa8769be81a543002865c88a5b52fa07f3b67fc7cd9b519c3f6a6452bcd48e4
>
> Lucky Number 0x48e4 = 18660
>
> So, I'm doing the following:
>
> C:\Python27>python
> Python 2.7.3 (default, Apr 10 2012, 23:24:47) [MSC v.1500 64 bit (AMD64)] on win32
> Type "help", "copyright", "credits" or "license" for more information.
>>>> import hashlib, hmac
>>>> txid = 'r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA'
>>>> secret = '10812806653842663997bf5971637f86f26c71a4716276d7fa8f323a83588d91:1'
[snip]

>>> txid = 'r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA'
>>> secret = '10812806653842663997bf5971637f86f26c71a4716276d7fa8f323a83588d91:1'
>>> hashlib.sha256(txid+":"+secret).hexdigest()
'dfa8769be81a543002865c88a5b52fa07f3b67fc7cd9b519c3f6a6452bcd48e4'
>>> 0x48e4
18660
>>> 

. . . which is the number you wanted, right?


-- 
To email me, substitute nowhere->spamcop, invalid->net.

[toc] | [prev] | [next] | [standalone]

#38008

Fromkryptox.exchange@gmail.com
Date2013-01-31 10:44 -0800
Message-ID<b2cc5521-d5c7-456c-8df6-69ca00e079c4@googlegroups.com>
In reply to#38005
On Thursday, January 31, 2013 6:55:05 PM UTC+1, Peter Pearson wrote:
> On Thu, 31 Jan 2013 08:43:03 -0800 (PST), kryptox.exchange@gmail.com wrote:
> 
> 
> 
> > I'm wondering if anyone can help me as I can't seem to get
> 
> > this to work. There is an online dice game that is
> 
> > provably fair by calculating the 'dice roll' using using a
> 
> > sha256 hash calculated against my transaction ID generated
> 
> > by me. The secret used to make the calculation is revealed
> 
> > at the end of each day thus allowing you to prove they
> 
> > didn't cheat. So they provide the following to allow you
> 
> > to verify the calculation of the dice roll:
> 
> >
> 
> > Secret used = r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA
> 
> > Secret hash sha256(r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA) = 48d78d573b9b8e11a13a72d9a78011f2e5d9754d89de47b209f32c51777f535d
> 
> > Lucky hash sha256(r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA:108128 06653842663997bf5971637f86f26c71a4716276d7fa8f323a83588d91:1) = dfa8769be81a543002865c88a5b52fa07f3b67fc7cd9b519c3f6a6452bcd48e4
> 
> >
> 
> > Lucky Number 0x48e4 = 18660
> 
> >
> 
> > So, I'm doing the following:
> 
> >
> 
> > C:\Python27>python
> 
> > Python 2.7.3 (default, Apr 10 2012, 23:24:47) [MSC v.1500 64 bit (AMD64)] on win32
> 
> > Type "help", "copyright", "credits" or "license" for more information.
> 
> >>>> import hashlib, hmac
> 
> >>>> txid = 'r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA'
> 
> >>>> secret = '10812806653842663997bf5971637f86f26c71a4716276d7fa8f323a83588d91:1'
> 
> [snip]
> 
> 
> 
> >>> txid = 'r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA'
> 
> >>> secret = '10812806653842663997bf5971637f86f26c71a4716276d7fa8f323a83588d91:1'
> 
> >>> hashlib.sha256(txid+":"+secret).hexdigest()
> 
> 'dfa8769be81a543002865c88a5b52fa07f3b67fc7cd9b519c3f6a6452bcd48e4'
> 
> >>> 0x48e4
> 
> 18660
> 
> >>> 
> 
> 
> 
> . . . which is the number you wanted, right?
> 
> 
> 
> 
> 
> -- 
> 
> To email me, substitute nowhere->spamcop, invalid->net.


Yes, thank you Peter!

[toc] | [prev] | [next] | [standalone]

#38040

FromChristian Heimes <christian@python.org>
Date2013-02-01 15:34 +0100
Message-ID<mailman.1278.1359729277.2939.python-list@python.org>
In reply to#38005
Am 31.01.2013 18:55, schrieb Peter Pearson:
>>>> txid = 'r7A7clvs9waizF+6QEiI0tgAq1ar48JItK3kg9kaeAFXz2vsMsHmOd9r9fhkmtxTz3CQnGAPMaDeKLvgb1A2VA'
>>>> secret = '10812806653842663997bf5971637f86f26c71a4716276d7fa8f323a83588d91:1'
>>>> hashlib.sha256(txid+":"+secret).hexdigest()
> 'dfa8769be81a543002865c88a5b52fa07f3b67fc7cd9b519c3f6a6452bcd48e4'
>>>> 0x48e4
> 18660
>>>>
> 
> .. . . which is the number you wanted, right?

Kryptox, you have chosen the correct algorithm to calculate a MAC. Very
good!

But the designers of the game are using an improper algorithm.
Apparently they don't know much about cryptography, especially length
extension attacks ...

Christian

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web