Cannot get expected result for Spring4D cryptography examples
There are crypto classes in the Spring4D library, however I cannot get them to work as expected. I am probably using them incorrectly, however the lack of any examples makes things difficult.
For example, on the website https://quickhash.com/hash-sha256-online, I can hash the word "test" to generate the following hash:
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
Using the Spring4D library, the following code creates a different hash:
CreateSHA256.ComputeHash('test').ToString;
leads to:
9EFEA1AEAC9EDA04A892885A65FDAE0E6D9BE8C9FC96DA76D31B929262E12B1D
Upper / lower case aside, this is a very different hash. I know I have to do something wrong, but again there are no use cases, so I stuck on how to do it.
source to share
Hashing algorithms operate on binary data, usually represented using arrays of bytes.
Unfortunately, both of the resources you used provide hashtext capability. For hash text, you first need to convert the text to binary. This requires a choice of encoding. And none of the methods makes it clear what this choice is.
When I use this Delphi code:
LowerCase(CreateSHA256.ComputeHash(TEncoding.UTF8.GetBytes('test')).ToString)
I get the same hash as in your question.
I urge you to never try to encrypt / hashtext and treat these operations as working in binary instead. Always use explicit encoding and then encrypt / hash the byte array the encoding created.
I chose UTF-8 encoding here because it is full Unicode encoding and tends to be space efficient. However, I don't think your online coder is using UTF-8. Actually I have no idea what encoding it is using, it is unclear on the matter. This is of course the same old problem that text is different from binary.
In my opinion, this is a design flaw in the Delphi library you are using, which allows hash text without explicitly choosing the encoding. If there is to be a function in that library that has a hash text, then it should require the caller to provide an additional parameter TEncoding
.
source to share
There is no internal conversion, so it hashes a UnicodeString that is at least 2 bytes per character.
If you want the same output as the page you have to use UTF8Encode or pass the AnsiString directly.
However, I tried multiple lines containing different Unicode characters and the page returned a different result. So I'm not really sure how they relate to strings. I think this is the code page.
Edit: if you use this page http://www.xorbin.com/tools/sha256-hash-calculator it generates the same hash as TSHA256 with UTF8Encode.
source to share
What type of string are you using? Whether you are using AnsiString or WideString (Unicode string). Delphi 2009 and Newer use WideString by default.
Why is the string type inportant? The entire hashing algorithm operates on raw data bytes, so it is important that each character in your string is stored in one byte of memory (AnsiString) or multiple bytes of memory (WideString).
source to share