VizHash GD - a visual hash
What is a visual hash?
MD5 and SHA1 are common hashing functions, which produce a binary or hex string. A visual hash works the same way, but produces an image.
Like MD5 or SHA1:
- It takes an arbitrary, variable-size input.
- It's a one-way function.
- The image is unique to the input string (it's a fingerprint)
- A single bit of difference in the input string produces a totally different image.
- It's not possible to deduce the input string from the image (except by bruteforcing).
What is VizHash GD?
VizHash GD is an implementation of a visual hash in PHP. It is free software, under the zlib/libpng OSI licence.
Features:
- Can produce images up to 256x256.
- Visual hashes keep their visual features even if scaled (see examples below)
- Uses only php and basic GD (which are available almost everywhere). Does not use imagefilter GD functions (which are not available everywhere).
- Runs under php4 and php5.
- VizHash GD is not beautiful (no fractals, wavelets or high-end filters). It's designed to be fast, light on CPU and to produce images which are easy to differentiate.
Examples
The vizhash of the string "hi" in different sizes:
[Images: the vizhash of "hi" rendered at 16x16, 80x80, 128x128, 256x256 and 32x32, plus stretched vertically (32x128) and stretched horizontally (128x32).]
A few domain names hashed:
[Images: vizhashes of facebook.com, mozilla.com, twitter.com, commentcamarche.net, google.fr, siteduzero.com, slashdot.org and sourceforge.net.]
(Yes, I know it's ugly. But beauty is not the point.)
Licence
Vizhash_GD is under the zlib/libpng OSI licence.
Source
Current version is 0.0.4 beta. It's only play-test code and could probably be improved, but it works.
- Source: VizHash GD source
An online service is available for you to test: http://sebsauvage.net/vizhash_gd.php - PLEASE DO NOT HAMMER THIS SERVICE or I will have to take it down. Do not hotlink images to this URL: Install the script on your own server. Thank you.
Applications
Many applications can be envisioned:
- Avatars: VizHash can be used as an avatar in forums or blog comments. Simply hash the IP (or email) address, feed it into VizHash GD and BAM! You have a unique icon for each visitor, specific to their IP or email address. Example: It is currently in use in discussions on this wiki (3 lines modified in DokuWiki), and also in ZeroBin discussions.
- File integrity: Instead of the cumbersome manual comparison of MD5 after downloading a file, you could check the integrity of the file in an eye-blink (A file manager extension could be developed for this purpose). If the visual hash matches, the file is valid. See this article (in French) for a mock screenshot.
- Protection against TabJacking: VizHash could be used - for example - as a persona in Firefox to give a visual hint of the real domain the user is currently on. See this article (in French) for a mock screenshot.
- Password check: Make sure you typed the right password without displaying it on screen (à la Lotus Notes).
- Anything you can think of…
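A sketch of the avatar application above, as an added example that is not VizHash GD's code or algorithm: the visitor identifier goes through a keyed hash before being drawn, because a plain hash of an IP address can be recovered by the bruteforcing mentioned earlier. `AVATAR_KEY`, `avatar_seed()` and `toy_vizhash()` are hypothetical names; PHP 7+ with GD is assumed.

```php
<?php
// Added example: a toy visual hash, NOT the VizHash GD algorithm.
// AVATAR_KEY is a hypothetical server-side secret (placeholder value).
const AVATAR_KEY = 'replace-with-a-long-random-server-secret';

// Keyed digest of the visitor identifier (IP or email address).
// With a bare sha1($ip), anyone could hash all 2^32 IPv4 addresses and
// match the result against a published avatar; the secret key prevents that.
function avatar_seed(string $id): string
{
    return hash_hmac('sha256', strtolower(trim($id)), AVATAR_KEY, true);
}

// Draw a 5x5 grid, mirrored left/right, from the 32-byte seed.
// Layout is relative to $w and $h, so it survives scaling and stretching.
function toy_vizhash(string $seed, int $w = 80, int $h = 80)
{
    $b   = array_values(unpack('C*', $seed));   // bytes 0..31
    $img = imagecreatetruecolor($w, $h);
    // Light background and dark foreground so cells stay distinguishable.
    $bg  = imagecolorallocate($img, 160 + $b[0] % 96, 160 + $b[1] % 96, 160 + $b[2] % 96);
    $fg  = imagecolorallocate($img, $b[3] % 128, $b[4] % 128, $b[5] % 128);
    imagefilledrectangle($img, 0, 0, $w - 1, $h - 1, $bg);

    for ($row = 0; $row < 5; $row++) {
        for ($col = 0; $col < 3; $col++) {
            if (($b[6 + $row * 3 + $col] & 1) === 0) {
                continue;                        // cell stays background
            }
            // Mirror columns 0 and 1 onto 4 and 3; column 2 is the axis.
            foreach (array_unique([$col, 4 - $col]) as $c) {
                imagefilledrectangle(
                    $img,
                    intdiv($c * $w, 5), intdiv($row * $h, 5),
                    intdiv(($c + 1) * $w, 5) - 1, intdiv(($row + 1) * $h, 5) - 1,
                    $fg
                );
            }
        }
    }
    return $img;
}

// Constructed sample input: an address from the 192.0.2.0/24 documentation range.
$img = toy_vizhash(avatar_seed('192.0.2.10'), 128, 128);
imagepng($img, __DIR__ . '/avatar.png');
```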
Links
Java implementation
Edouard de Labareyre has developed a Java version of Vizhash GD which is visually compatible with the php version (This means that the generated images are the same between the Java and php version for the same input).
Javascript implementation
Sam & Max has implemented a visual hash in javascript which uses HTML5 canvas. It is visually close (but not identical) to the php and java version. VizHash.js is under the zlib/libpng licence.
- Article (in French)
- Password hash example (on jsFiddle)
- Download the lib (zip file)
Other visual hashes:
- OpenSSH also has its visual hash implementation, in ascii art.
- VisualHash by Chris Harrison.
- MonsterID creates a unique avatar built from different monster pieces picked according to IP or email address of visitors.
- RoboHash, with three different facestyles and optional background. Opensource.
- I lost a few links - doh.
Discussion
Hello, I think this is a very good idea; however, when I enter
t hi
, I don't get the same result as you. Why? Thanks in advance. One of your readers
Do you have exactly this URL?: http://sebsauvage.net/vizhash_gd.php?t=hi
Otherwise, try pressing CTRL+F5 to force the page to refresh.
Sorry, I was putting
t hi
in the textbox instead of hi
Thanks!
Argh! I can't get it to work, even though there are no errors in the logs, and:
gd GD Support enabled GD Version 2.0 FreeType Support enabled FreeType Linkage with freetype FreeType Version 2.4.4 T1Lib Support enabled GIF Read Support enabled GIF Create Support enabled JPEG Support enabled libJPEG Version 6b PNG Support enabled libPNG Version 1.2.46 WBMP Support enabled
Grr!
No errors in the logs? Argh. Try adding
error_reporting(-1);
at the beginning of the code to get all the error messages.
Thanks a lot! It's very handy. I'm going to use it to generate unique, temporary anonymous identifiers that are easy to recognize at a glance (and at the same time that will prevent any abuse of the “anonymous” feature).
Those hash pictures remind me of the 2001: A Space Odyssey Star-Gate sequence. Real neat!
Hello,
An interesting article from Mozilla on this subject: https://wiki.mozilla.org/Identity/Watchdog/Visual_Hashing
An important point they raise concerns password hashes: they add a bit of randomness, invisible to the naked eye, to complicate the work of a machine that would try to compute the inverse hash.
The risk exists in your code, since sha1 (and md5) is no longer considered completely secure.
For integrity-checking use, I think the risk is lower.
Hello.
Discussion is now closed on this page.