Howard,

I think you are reading the code wrong.  In #processFinalBuffer:bitLength: a 
final buffer of soze 64 BYTES is being created and populated.  That is 512 
bits.  Both SecureHashAlgorithm, from the base image, and SHA1, from the 
Cryptography Team Package are doing this.

Rob

----- Original Message ----- 
From: "Howard Stearns" <howard.stearns at qwaq.com>
To: "The general-purpose Squeak developers list" 
<squeak-dev at lists.squeakfoundation.org>
Sent: Monday, October 29, 2007 2:05 PM
Subject: does SecureHashAlgorithm pad correctly?


> The class comment for SecureHashAlgorithm says it implements the SHA 
> standard, but I'm not sure it's padding correctly.
>
> My reading of the standard is that all messages -- including zero length 
> messages -- should be padded to 512 bit size in a certain way.
>
> See section "4. Message Padding" of 
> http://www.itl.nist.gov/fipspubs/fip180-1.htm
>
> My reading of the code is that it explicitly fails with an error for zero 
> length messages, and pads to 64 bit sizes.
>
> Am I nuts?
>
> -- 
> Howard Stearns
> AIM: qwaqHoward
> Qwaq: +1-650-331-1437
> office: +1-608-850-4482
> mobile: +1-608-658-2419
>
>