SA-MP Forums Archive
[Plugin] MurmurHash3 - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Plugin Development (https://sampforum.blast.hk/forumdisplay.php?fid=18)
+--- Thread: [Plugin] MurmurHash3 (/showthread.php?tid=645138)

Pages: 1 2

MurmurHash3 - ShapeGaz - 20.11.2017

MurmurHash3 for SA:MP

What is MurmurHash3?
MurmurHash3 is non-cryptographic hash function(GitHub).
And my plugin allow working with it.

Natives
PHP код:
native MurmurHash(const key[], lenseed); 
Example
Example #1 - Not random hash
Let's make a test hash. Create variable with your key string.
PHP код:
new key[] = "This is my test string"
And now we'll print a hash in the console
PHP код:
printf("Hash: %d",MurmurHash(key,sizeof(key),0)); 
Done. I got:
PHP код:
Hash733688637 
Example #2 - Random hash
Let's make a test random hash. Create variable with your key string.
PHP код:
new key[] = "This is my test string"
And create variable with random number.
PHP код:
new randnumber random(9999); 
And now we'll print a hash in the console.
PHP код:
printf("Random hash: %d",MurmurHash(key,sizeof(key),randnumber)); 
Installation
1. Download MurmurHash3 from Releases page.
2. Extract MurmurHash3.inc to ./pawno/include folder.
3. In your gamemode include MurmurHash3.inc.
4. Extract MurmurHash3.dll or MurmurHash3.so in ./plugins folder.
5. In server.cfg on line "plugins" add MurmurHash3.dll or MurmurHash3.so

Download
Download for Windows
Download for Linux
Source code

Re: MurmurHash3 - Marllun - 20.11.2017

GOOD I will test

Re: MurmurHash3 - Xeon™ - 20.11.2017

I was about to do...

well done!

Re: MurmurHash3 - Gammix - 20.11.2017

Benchmarks in comparison with "strcmp" and other libraries with different algorithms?

Re: MurmurHash3 - MyU - 20.11.2017

Good, but why create multiplie plug-ins for every single hashing function? Would be waaaays more useless if you would make a generalized cryptographic plug-in.

Re: MurmurHash3 - ShapeGaz - 21.11.2017

Quote:
Originally Posted by Gammix
Посмотреть сообщение
Benchmarks in comparison with "strcmp" and other libraries with different algorithms?
I didn't understand, how strcmp relates to hash function? And what you mean?

Quote:
Originally Posted by MyU
Посмотреть сообщение
Good, but why create multiplie plug-ins for every single hashing function? Would be waaaays more useless if you would make a generalized cryptographic plug-in.
It's not bad idea, but that's hash functions not for security, and i think it don't needed, enough one such hash function for plugin.

Re: MurmurHash3 - KingHual - 21.11.2017

your code leaks memory

Re: MurmurHash3 - ShapeGaz - 21.11.2017

Quote:
Originally Posted by KingHual
Посмотреть сообщение
your code leaks memory
Thanks, i fixed it.

Re: MurmurHash3 - Kaperstone - 21.11.2017

Quote:
Originally Posted by ShapeGaz
Посмотреть сообщение
I didn't understand, how strcmp relates to hash function? And what you mean?
I didn't understand the strcmp myself, but must add that definitely in comparison to other regular hashes, this plugin is faster for confirmation if you want to validate a lot of hashes between themselves.
i.e. Int == Int is faster than Str == Str if you have a lot to compare

I think it'd be better to use md5 for anything, but I'd like to see if its faster than y_stringhash
they both produce numerical hash which are good for massive comparison, but the question is if it'd be better (faster) to use this plugin over y_stringhash

Re: MurmurHash3 - ShapeGaz - 21.11.2017

Quote:
Originally Posted by Kaperstone
Посмотреть сообщение
I didn't understand the strcmp myself, but must add that definitely in comparison to other regular hashes, this plugin is faster for confirmation if you want to validate a lot of hashes between themselves.
i.e. Int == Int is faster than Str == Str if you have a lot to compare

I think it'd be better to use md5 for anything, but I'd like to see if its faster than y_stringhash
they both produce numerical hash which are good for massive comparison, but the question is if it'd be better (faster) to use this plugin over y_stringhash
MD5 using for password and security, MurmurHash isn't for it.
Speed test for 10k executings:
Test #1
y_stringhash - 25ms.
MurmurHash - 10ms.

Test #2
y_stringhash - 26ms.
MurmurHash - 10ms.

Test #3
y_stringhash - 25ms.
MurmurHash - 10ms.

Code:
PHP код:
#include <a_samp>
#include <MurmurHash>
#include "YSI_Coding/y_stringhash"
main()
{
  new key[] = "This is test string";
  new tick GetTickCount();
  for(new 010000i++)
  {
    YHash(key);
  }
  new tick1 GetTickCount();
  for(new 010000i++)
  {
    MurmurHash(key,sizeof(key),0);
  }
  new tick2 GetTickCount();
  printf("y_stringhash VS MurmurHash");
  printf("y_stringhash took %dms",tick1-tick);
  printf("MurmurHash took %dms",tick2-tick1);



Re: MurmurHash3 - Raimis_R - 21.11.2017

I don't think it's smart to compare hashing algorithm which it's written in PAWN with your's.

Re: MurmurHash3 - ShapeGaz - 22.11.2017

Quote:
Originally Posted by Raimis_R
Посмотреть сообщение
I don't think it's smart to compare hashing algorithm which it's written in PAWN with your's.
It's not my idea:
Quote:
Originally Posted by Kaperstone
Посмотреть сообщение
but I'd like to see if its faster than y_stringhash
they both produce numerical hash which are good for massive comparison, but the question is if it'd be better (faster) to use this plugin over y_stringhash
Quote:
Originally Posted by ******
Посмотреть сообщение
I do. And I'm impressed with both the way they took on the advice from their last topic, AND the code they used for benchmarking. What I would like to see is a comparison against just the "bernstein()" function from YSI - that's the one used the most throughout my code at least, since it is tuned in assembly.

I would point out that the one advantage of the other hashes over this one is that they can be implemented at compile time (see y_stringhash), and thus for constant strings there is no run-time overhead. But if you aren't doing that, this is good.
Ok, I'll compare it.

Quote:
Originally Posted by Kaperstone
Посмотреть сообщение
I thought that someone else would point that out, but ehh.

No, md5 isn't suitable for password neither security, don't use it for sensitive stuff. (especially passwords)

MD5 for password hashing, even with some salt being added to it is a bad idea.
MD5 wasn't even built for passwords afaik, MD5 is a fast hashing algorithm built for other things.

It is useful for file checking and any other confirmation stuff to check two sums against.
(So only the "security" statement kinda applies here)




Код:
new on‌ServerRun=MurmurHash(key,sizeof(key),randnumber)
Well, without const :\
Why not for security? 128-bit hash value could be good for security(in my opinion).

Re: MurmurHash3 - BigETI - 22.11.2017

Cryptographic hash algorithms are designed to calculate completly obfuscated hashes, where calculating back is literally impossible. Also small changes to the input needs to create a completly different hash. If none of these criteria is fulfilled, it cannot be used for password validity checks.

Re: MurmurHash3 - Kaperstone - 22.11.2017

Quote:
Originally Posted by ShapeGaz
Посмотреть сообщение
Why not for security? 128-bit hash value could be good for security(in my opinion).
Better link than write what already been documented.
https://codahale.com/how-to-safely-store-a-password/
It's an old article but still relevant.'

some more
https://medium.com/@danboterhoven/wh...s-af330100b861
https://yorickpeterse.com/articles/use-bcrypt-fool/


MD5 and other hashes are so fast that you can literally create millions to billions of them.
MD5 and other SHA already have a library full of hashed strings and their results, it is so unsafe that you can literally googl3 "md5 decrypt" and you'll find websites with billions of records of hash results.

Salt won't save the day, even with salt you can map it up or bruteforce easily.
Take collisions to your advantage, generate similar results etc.

You need to delay requests, you need them to be heavy, you need them so even if its local, it still takes time to find a perfect match, you need them as well to take time randomly and inconsistant

Why? Bruteforce
Why different timings? Because if the hash always work slower with longer characters and your salting gives it a signficient difference, the hacker can easily know how long the password should be.
Some people go as far as calculating the time that takes to hash certain passwords and store a database of timings.

What if two use the same password? the time that takes to compute both of them will be similar?


There are lots of concerns about the security of general purpose algorithms such as md5 and sha.

Use long term solutions, bcrypt or even pbkdf2.
(I heard about scrypt exitence, ain't sure about it)

Whirlpool and other algorithms that produce long results are just a temporary solution until we get faster cpu's and can store more hashes than before.

Quote:
Originally Posted by BigETI
Посмотреть сообщение
Cryptographic hash algorithms are designed to calculate completly obfuscated hashes, where calculating back is literally impossible. Also small changes to the input needs to create a completly different hash. If none of these criteria is fulfilled, it cannot be used for password security.
For passwords, it'd be better if the same password would generate a different hash.

Re: MurmurHash3 - BigETI - 22.11.2017

An hashing algorithm that creates a different hash for the same input cannot be used for password validity checks. Hashing algorithms aren't encryption algorithms either.

Re: MurmurHash3 - Kaperstone - 22.11.2017

Quote:
Originally Posted by BigETI
Посмотреть сообщение
An hashing algorithm that creates a different hash for the same input cannot be used for password validity checks.
bcrypt does just that.

When you hash a password, no matter whether it equals to the same one or has 1 character diff. it will always produce different hash, the salt is stored with the result, same as the power of the hashing algorithm.

There's a special validation function for it to check if two passwords match.
(well, the salt and the power present, so you just take them both and use them against the unhashed password, match no match)

Re: MurmurHash3 - ShapeGaz - 22.11.2017

Plugin updated to version 0.4

- Speed has improved
- Fixed bug with len

Re: MurmurHash3 - adri1 - 22.11.2017

Why don't you use SHA256_PassHash function?

Re: MurmurHash3 - ThePhenix - 22.11.2017

Quote:
Originally Posted by adri1
Посмотреть сообщение
Why don't you use SHA256_PassHash function?
Because Murmurhash is not meant to be used for passwords. It could be used for the same purposes as Bernstein.
I would like to see some speed comparisons versus Bernstein as I think Bernstein is definitely faster. I'm not sure.

Re: MurmurHash3 - Chaprnks - 23.11.2017

Quote:
Originally Posted by ******
Посмотреть сообщение
I do. And I'm impressed with both the way they took on the advice from their last topic, AND the code they used for benchmarking. What I would like to see is a comparison against just the "bernstein()" function from YSI - that's the one used the most throughout my code at least, since it is tuned in assembly.

I would point out that the one advantage of the other hashes over this one is that they can be implemented at compile time (see y_stringhash), and thus for constant strings there is no run-time overhead. But if you aren't doing that, this is good.
I'm curious, would this be possible to implement Mumurhash into y_stringhash?