Outils pour utilisateurs

Outils du site


php:vizhash_gd

VizHash GD - a visual hash

What is a visual hash ?

MD5 and SHA1 are common hashing function, which produce a binary or hex string. A visual hash works the same, but produces an image.

Like MD5 or SHA1:

  • It takes an arbitrary, variable-size input.
  • It's a one-way function.
  • The image is unique to the input string (it's a fingerprint)
  • A single bit of difference in the input string produces a totally different image.
  • It's not possible to deduce the input string from the image (except by bruteforcing).

What is VizHash GD ?

VisHash GD is an implementation of a visual hash in php. It is free software, under the zlib/libpng OSI licence.

Features:

  • Can produce images up to 256x256.
  • Visual hashes keep their visual features even if scaled (see examples below)
  • Uses only php and basic GD (which are available almost everywhere). Does not use imagefilter GD functions (which are not available everywhere).
  • Runs under php4 and php5.
  • VizHash GD is not beautiful (no fractals, wavelets or high-end filters). It's designed to be fast, light on CPU and to produce images which are easy to differentiate.

Examples

The vizhash of the string "hi" in different sizes:

16x16:

80x80:

128x128:

256x256:

32x32:

Stretched vertically:
32x128:

Stretched horizontally:
128x32:

A few domain names hashed:

facebook.com

mozilla.com

twitter.com

commentcamarche.net

google.fr

siteduzero.com

slashdot.org

sourceforge.net

(Yes, I know it's ugly. But beauty is not the point.)

Licence

Vizhash_GD is under the zlib/libpng OSI licence.

Source

Current version is 0.0.4 beta. It's only play-test code and could probably be improved, but it works.

An online service is available for you to test: http://sebsauvage.net/vizhash_gd.php - PLEASE DO NOT HAMMER THIS SERVICE or I will have to take it down. Do not hotlink images to this URL: Install the script on your own server. Thank you.

Applications

Many applications can be envisioned:

  • Avatars: VizHash can be used as an avatar in forums or blog comments. Simply hash the IP (or email) address and feed into VizHash GD and BAM ! You have a unique icon for each visitor, specific to its IP or email address. Example: It is currently is in use in discussions on this wiki (3 lines modified in DokuWiki), and also in ZeroBin discussions.
  • File integrity: Instead of the cumbersome manual comparison of MD5 after downloading a file, you could check the integrity of the file in an eye-blink (A file manager extension could be developed for this purpose). If the visual hash matches, the file is valid. See this article (in French) for a mock screenshot.
  • Protection against TabJacking: VizHash could be used - for example - as a persona in Firefox to give a visual hint of the real domain the user is currently on. See this article (in French) for a mock screenshot.
  • Password check : Make sure you typed the right password without displaying it on screen (à la Lotus Notes).
  • Anything you can think of…

Java implementation

Edouard de Labareyre has developed a Java version of Vizhash GD which is visually compatible with the php version (This means that the generated images are the same between the Java and php version for the same input).

Javascript implementation

Sam & Max has implemented a visual hash in javascript which uses HTML5 canvas. It is visually close (but not identical) to the php and java version. VizHash.js is under the zlib/libpng licence.

Other visual hashes:

Discussion

Thomas Kowalksi, 2011/06/01 11:55

Bonjour, Je trouve que c'est une très bonne idée, cependant, quand j'entre t hi, je n'obtiens pas le même résultat que vous. Pourquoi ? Merci d'avance Un de vos lecteurs

Sébastien SAUVAGE, 2011/06/01 15:23

Tu as bien cette URL là ?: http://sebsauvage.net/vizhash_gd.php?t=hi

Sinon essai de presser CTRL+F5 pour forcer le rafraichissement de la page.

Thomas Kowalski, 2011/06/02 06:26, 2011/06/03 08:05

Pardon, je mettais t hi dans la textbox à la place de hi

Merci !

Le lapin masqué, 2011/12/18 10:43

Argh ! J'arrive pas à le faire marcher, et pourtant il n'y a pas d'erreurs dans les logs, et :

gd GD Support enabled GD Version 2.0 FreeType Support enabled FreeType Linkage with freetype FreeType Version 2.4.4 T1Lib Support enabled GIF Read Support enabled GIF Create Support enabled JPEG Support enabled libJPEG Version 6b PNG Support enabled libPNG Version 1.2.46 WBMP Support enabled

Gni !

Sébastien SAUVAGE, 2012/01/30 14:49

Pas d'erreur dans les logs ? Arg. Essaie en ajoutant error_reporting(-1); au début du code pour avoir tous les messages d'erreur.

JeromeJ, 2012/08/19 21:48, 2012/11/16 14:44

Merci beaucoup ! C'est très pratique :-) Je vais l'utiliser afin de générer des identifiants anonymes uniques et temporaires facile à identifier en un clin d'oeil =) (et ça empêchera par la même tout abus de la fonction “anonyme”)

Michael, 2016/11/11 19:39

Those hash pictures remind me of the 2001: A Space Odyssey Star-Gate sequence. Real neat!

setop, 2016/12/13 10:08

Bonjour,

Un article intéressant de Mozilla à ce sujet : https://wiki.mozilla.org/Identity/Watchdog/Visual_Hashing

Un point important qu'ils soulèvent est dans le cas de hash de mot de passe : ils ajoutent un part d'aléatoire, invisible à l’œil nu pour compliquer le travail d'une machine qui tenterai de calculer le hash inverse.

Le risque existe dans ton code puisque sha1 (et md5) n'est plus considéré comme totalement sûr.

Pour un usage de vérification d'intégrité, je pense que le risque est plus faible.

Sébastien SAUVAGE, 2019/05/02 20:32

Bonjour.

La discussion est désormais fermée sur cette page.

php/vizhash_gd.txt · Dernière modification : 2019/07/25 15:22 de sebsauvage