When was message-digest added to ABL? If the answer is >= v11, is there a reasonable way to hash in v10? I want to store a hashed password in progress, to be used as login validation in a ruby/rails front-end. So the ruby hash has to obviously give the same result as the progress hash given the same input(s). i.e. both sides must use a common hash algorithm.
Any advice?
Hi
Prior to 11.0 you had MD5-DIGEST and SHA1-DIGEST.
MD5 has been broken long ago and last week some Google researchers also broke SHA1, so if your security must be very good I'd rather go with OpenSSL (by the way you can also use the DLL or .so from within Progress) and SHA-256 at least.
As for the pragmatic me, I'd stick to SHA1 and wait for my migrating to 11.0, then change this to the built-in MESSAGE-DIGEST with SHA-256... Would be easier, cheaper, and when you see the processing power used by Google in order to find a collision in SHA1, it won't be before a few years at least before SHA1 is really broken. By then you'll have migrated to 11 (or more ;) and to SHA-256 (or more :p)
Regards
JC
Resorting to OpenSSL is usually the best "interoperability" hashing method.
Is not unusual to find different implementations of the same algorithm that produce different results (I've had some of this), specially when running in different platforms. I've found that using OpenSSL in command line mode, is the simplest way (OS-COMMAND in this case).
To answer your first question, MESSAGE-DIGEST was added to the ABL in 11.0
Hi
Prior to 11.0 you had MD5-DIGEST and SHA1-DIGEST.
MD5 has been broken long ago and last week some Google researchers also broke SHA1, so if your security must be very good I'd rather go with OpenSSL (by the way you can also use the DLL or .so from within Progress) and SHA-256 at least.
As for the pragmatic me, I'd stick to SHA1 and wait for my migrating to 11.0, then change this to the built-in MESSAGE-DIGEST with SHA-256... Would be easier, cheaper, and when you see the processing power used by Google in order to find a collision in SHA1, it won't be before a few years at least before SHA1 is really broken. By then you'll have migrated to 11 (or more ;) and to SHA-256 (or more :p)
Regards
JC
Thanks JC, and everyone else for replying.
Thanks Robin. In general, is there a simple resource that tells when a feature was added to Progress/OE ?