Normal view

There are new articles available, click to refresh the page.

Before yesterdayMain stream

The Eclectic Light Company
DropSum 1.2 is more flexible in handling text
27 August 2025 at 14:30

DropSum 1.2 is more flexible in handling text

By: hoakley

27 August 2025 at 14:30

DropSum is my simple drag-and-drop utility for checking MD5 and SHA256 hashes, and using them to compare pairs of files to see if they’re identical.

This new version brings two changes:

Text entered in its two text boxes, where you paste hashes, is now cleaned of any spaces and hyphens, and set in lower case, before being used as a hash, although it’s not altered in the text box. This should save you having to edit what you paste there. Thanks to Panda for requesting that.
I have tried to improve readability when in dark mode in Sequoia and earlier. Thanks to EcleX for requesting this.

That said, the window’s appearance is a compromise between what looks best in Sequoia, and that in Tahoe. To see what I mean, here’s the same app, in its new version 1.2, in two versions of macOS, both in dark mode with Reduce Transparency enabled.

In macOS Tahoe there’s strong contrast throughout, and all text is readable, as it is in light mode.

Yet in macOS Sequoia, white text in unselected text boxes is shown against its orange background, rather than grey or black.

I have a feeling we’re in for an autumn of similar visual discrepancies appearing in other apps, whether or not they’ve been built for compatibility with Tahoe.

DropSum 1.2 for Big Sur and later, including Tahoe, is now available from here: dropsum12
from Downloads above, and from its Product Page.

Its MD5 hash is 9370f006d65eb3f6f65ab97dc78ce345
and SHA256 is f898b580138dc05d273c8b7f16321ad6d6754d76ecabf1c49fcac1d32bc156e6

Enjoy!

Checking data integrity

The Eclectic Light Company

By: hoakley

16 July 2025 at 14:30

How can you check whether important data has acquired errors? It could be in packets transferred over a network, files being stored in the cloud, or those put in an archive for safe-keeping. This article explains how errors can be detected and in some cases corrected.

Checksum

One quick and simple way to keep track of whether errors have crept in is to add all the byte values together using modulo arithmetic, and see if that number matches what we expect. Modulo addition ensures the sum never exceeds 255 (for 8-bit bytes), but it also means there’s a 1 in 255 chance that the checksum may remain correct even when the data is wrong. There’s an even more serious problem, though, as changing the order of bytes in the data won’t have any effect on their checksum, even though it would scramble the data.

One solution to those is the Fletcher checksum, using two values instead of one. Both start at zero, then the value of the first block of data is added to the first of those. That is then added to the second value, and each time another value is added to the first, their total is added to the second value. At the end the two values are combined to give the Fletcher checksum.

As this only uses modulo addition, it’s extremely quick, so is used with 32-bit blocks for the Fletcher-64 checksum in APFS file system metadata. The chances of a ‘collision’, in which an error fails to show up in the checksum, are almost 1 in 4.3 billion. Wikipedia’s account includes worked examples.

Cyclic redundancy check

These use additional bits to form cyclic codes based on the remainder of a polynomial division of the data contents. Although they sound complex, they use simple binary operations, so can be very quick in use. Again, Wikipedia’s account includes worked examples.

These were originally developed for use over communication channels such as radio, where they are effective against short bursts of errors. Since then they have been widely used in hard disks and optical storage. They have two main disadvantages, in that they can easily be reversed, allowing the original data to be reconstructed, and they can’t protect against intentional modifications.

Hash

Secure Hash Algorithms, SHA, are a family of cryptographic functions based on a one-way compression function. The first, SHA-1, produces a 160-bit value referred to as the digest. Used from 1995, it was broken in 2005, and has been replaced by SHA-2 using digest sizes of 224-512 bits, now most widely used as SHA-256.

For SHA-256, data is processed in 512-bit chunks and subjected to 64 rounds of a compression function before being appended into the 256-bit digest, while SHA-512 uses 1024-bit chunks and 80 rounds. Full details are again given in Wikipedia.

Important properties of cryptographic hash functions include:

There’s a one-to-one mapping between input data and hash, so the same data always generates the same hash.
It’s not feasible to work out the input data for any given hash, making the mapping one-way.
Collisions are so rare as to not occur in practice.
Small changes in the input data result in large changes in the hash, so amplifying any differences.
Hash values should be fairly evenly distributed.

SHA-256 and related hashes are used in code signatures, as CDHashes of the protected parts of each app, bundle, etc. They’re also used to verify the integrity of the Signed System Volume in modern macOS, where they’re assembled into a tree hierarchy so they can be verified lazily, on-demand. More generally, cryptographic hashes are used in message authentication codes (MAC) to verify data integrity in TLS (formerly SSL).

Error-correcting code

Those methods of detecting errors can’t, in general, be used to correct them. The first effective error-correcting code was devised by Richard Hamming, and is named after him. It can correct all single-bit errors, and will detect two-bit errors as well. Wikipedia’s excellent account, complete with explanatory Venn diagrams, is here.

Ten years after Hamming code came Reed-Solomon code (R-S), invented by Irving S Reed and Gustave Solomon. Nearly twenty years later, when Philips Labs were developing the format for CDs, their code was adopted to correct errors in their reading. Unlike others, when used in CDs, R-S codes are applied to bytes rather than bits, in two steps.

The first encodes 24 B of input data into 28 B of code. Interleaving is then performed on those codewords in blocks of 28, or 784 B of codewords, following which a second R-S coding is performed to convert each 28 B into 32 B of code. The overall code rate is thus 24/32, so an input file grows by a third following this double encoding. R-S code is explained in detail in this Wikipedia article.

The reason for such a complex scheme of error-correction in CDs is to correct bursts of errors up to 4 KB, or 500 bytes, representing about 2.5 mm of the track on a CD. Similar methods have been used for DVDs and in parchive files, which were distributed in USENET posts. However, it becomes progressively harder and less efficient to provide error-correction for larger blocks of missing data, which is of course one of the most serious problems in computer storage systems.

macOS

Unlike some file systems including Zfs, APFS and macOS don’t provide any native method for checking the integrity of data stored in files, although macOS does offer SHA-256 and SHA-512 support in CryptoKit. My free suite of two apps (Dintch and Fintch) and a command tool (cintch) offer a robust scheme using CryptoKit’s SHA-256 that I and others have been using for the last five years. Details are in their Product Page.

常见 Hash、对称加密算法时间复杂度对比

中原驿站

By: 胡中元

20 March 2017 at 23:45

最近突然对各种加密算法有点感兴趣，想测试一下各个加密算法在加密同样的一段数据时，消耗的时间各是多少。

于是用 Node.js 写了一个小程序完成了计算，并且将结果生成为一张排行榜，很是有趣，发布到这里，说不定以后会用得上的。

Hash 摘要算法排行榜

time↓ retLength name
=====================================
12.38 40 ecdsa-with-SHA1
12.39 40 dsaWithSHA
12.39 40 dss1
12.41 40 ssl3-sha1
12.41 40 DSA-SHA1-old
12.42 40 dsaWithSHA1
12.42 40 DSA-SHA1
12.44 40 sha1
12.45 40 DSA-SHA
12.49 40 dsaEncryption
12.51 40 DSA
12.52 40 sha1WithRSAEncryption
12.54 40 RSA-SHA1-2
12.54 40 RSA-SHA1
14.72 32 RSA-MD4
14.72 32 md4
14.74 32 md4WithRSAEncryption
17.31 32 ssl2-md5
17.33 32 ssl3-md5
17.33 32 md5
17.33 32 RSA-MD5
17.34 32 md5WithRSAEncryption
18.52 128 sha512WithRSAEncryption
18.55 96 sha384
18.55 128 sha512
18.55 96 sha384WithRSAEncryption
18.79 128 RSA-SHA512
19.42 96 RSA-SHA384
21.78 40 sha
21.82 40 shaWithRSAEncryption
22.22 40 RSA-SHA
27.05 56 sha224WithRSAEncryption
27.06 64 sha256WithRSAEncryption
27.27 56 RSA-SHA224
27.37 56 sha224
27.57 64 RSA-SHA256
27.60 64 sha256
57.38 40 rmd160
57.39 40 ripemd160WithRSA
57.39 40 ripemd
57.39 40 ripemd160
57.53 40 RSA-RIPEMD160
78.92 128 whirlpool
657.74 32 mdc2WithRSA
658.35 32 mdc2
659.48 32 RSA-MDC2

对称加密算法排行榜

cipherTime decipherTime avgTime↓ name
=====================================
26.33 unknown 26.33 id-aes128-GCM
26.49 unknown 26.49 aes-128-gcm
26.52 unknown 26.52 id-aes192-GCM
27.35 unknown 27.35 id-aes256-GCM
27.48 unknown 27.48 aes-192-gcm
27.94 unknown 27.94 aes-256-gcm
25.12 30.89 28.01 aes-128-xts
25.29 30.87 28.08 aes-192-ctr
26.54 31.42 28.98 aes-256-ctr
27.22 31.28 29.25 aes-128-ctr
26.12 32.41 29.26 aes-256-xts
38.23 unknown 38.23 aes-128-ccm
38.29 unknown 38.29 id-aes128-CCM
37.07 43.09 40.08 rc4
25.70 55.17 40.43 aes-192-ecb
26.24 54.79 40.52 aes-128-ecb
25.91 55.21 40.56 aes-256-ecb
41.40 unknown 41.40 id-aes192-CCM
40.07 45.45 42.76 aes-128-ofb
44.35 unknown 44.35 aes-256-ccm
44.58 unknown 44.58 id-aes256-CCM
39.14 54.62 46.88 aes-128-cbc
39.50 55.86 47.68 aes128
45.21 50.54 47.87 aes-128-cfb
46.30 51.85 49.07 aes-256-ofb
41.94 57.43 49.69 aes-192-cbc
44.25 55.84 50.05 aes256
45.72 55.95 50.83 aes-256-cbc
49.21 53.30 51.26 aes-192-cfb
38.77 66.82 52.79 aes-128-cbc-hmac-sha1
51.51 56.69 54.10 aes-256-cfb
44.75 67.53 56.14 aes-256-cbc-hmac-sha1
54.38 59.59 56.98 rc4-hmac-md5
68.07 55.45 61.76 aes192
73.48 50.08 61.78 aes-192-ofb
53.46 81.27 67.36 aes-128-cbc-hmac-sha256
67.95 unknown 67.95 aes-192-ccm
53.43 85.33 69.38 aes-256-cbc-hmac-sha256
92.37 96.32 94.35 camellia-128-cfb
86.76 118.05 102.41 camellia-128-cbc
89.88 119.94 104.91 camellia-128-ecb
115.26 98.84 107.05 camellia-128-ofb
111.06 118.04 114.55 camellia-256-ofb
113.69 117.35 115.52 camellia-256-cfb
113.71 117.39 115.55 camellia-192-cfb
118.05 117.26 117.66 camellia128
107.79 137.33 122.56 camellia256
107.93 137.41 122.67 camellia-192-cbc
107.63 137.71 122.67 camellia192
107.78 137.58 122.68 camellia-256-cbc
109.79 140.16 124.98 camellia-256-ecb
110.63 143.20 126.91 camellia-192-ecb
140.93 116.48 128.70 camellia-192-ofb
131.18 138.02 134.60 cast5-ofb
123.23 152.91 138.07 cast
123.20 153.14 138.17 cast-cbc
124.30 153.77 139.03 cast5-cbc
123.54 154.71 139.12 bf-ecb
128.97 153.40 141.18 blowfish
139.52 143.40 141.46 bf-cfb
129.20 154.59 141.90 bf
128.50 155.55 142.02 bf-cbc
140.97 151.75 146.36 cast5-cfb
160.98 138.92 149.95 bf-ofb
153.84 153.59 153.71 cast5-ecb
169.80 175.30 172.55 seed-ofb
175.17 171.99 173.58 idea-cbc
179.36 197.25 188.30 seed
180.20 199.18 189.69 seed-cbc
204.93 179.90 192.41 seed-cfb
192.36 197.95 195.16 des-ofb
190.88 212.10 201.49 des-cbc
190.91 212.15 201.53 des
200.83 203.79 202.31 des-cfb
190.93 216.70 203.81 desx-cbc
212.52 215.72 214.12 des-ecb
193.71 247.75 220.73 desx
285.34 208.45 246.90 rc2-ecb
287.99 207.70 247.84 rc2-64-cbc
383.14 407.20 395.17 aes-128-cfb8
428.57 433.04 430.80 aes-192-cfb8
472.68 478.71 475.69 des-ede3-ofb
473.08 478.73 475.90 des-ede-ofb
466.29 495.94 481.12 des-ede
466.96 496.02 481.49 des-ede3
469.45 494.77 482.11 des-ede-cbc
470.11 495.39 482.75 des3
480.87 485.29 483.08 des-ede-cfb
471.00 496.02 483.51 des-ede3-cbc
478.58 508.53 493.55 aes-256-cfb8
510.35 485.85 498.10 des-ede3-cfb
1144.31 1161.45 1152.88 camellia-128-cfb8
1433.53 1452.09 1442.81 des-cfb8
1486.53 1500.01 1493.27 camellia-192-cfb8
1490.02 1501.36 1495.69 camellia-256-cfb8
3486.28 3491.02 3488.65 aes-128-cfb1
3742.25 3749.80 3746.02 des-ede3-cfb8
3875.10 3877.43 3876.26 aes-192-cfb1
3990.26 3974.18 3982.22 des-ede3-cfb1
4271.61 4273.34 4272.48 aes-256-cfb1
9526.06 9744.03 9635.05 camellia-128-cfb1
12183.0 12151.8 12167.4 camellia-256-cfb1
12180.5 12200.0 12190.2 camellia-192-cfb1
12273.5 12334.8 12304.2 des-cfb1