====== VizHash GD - a visual hash ======
===== What is a visual hash ? =====
MD5 and SHA1 are common hashing function, which produce a binary or hex string. A visual hash works the same, but produces an image.
Like MD5 or SHA1:
* It takes an arbitrary, variable-size input.
* It's a one-way function.
* The image is unique to the input string (it's a fingerprint)
* A single bit of difference in the input string produces a totally different image.
* It's not possible to deduce the input string from the image (except by bruteforcing).
===== What is VizHash GD ? =====
VisHash GD is an implementation of a visual hash in php. It is free software, under the [[http://www.opensource.org/licenses/zlib-license.php|zlib/libpng OSI licence]].
Features:
* Can produce images up to 256x256.
* Visual hashes keep their visual features even if scaled (see examples below)
* Uses only php and basic GD (which are available almost everywhere). Does not use imagefilter GD functions (which are //not// available everywhere).
* Runs under php4 and php5.
* VizHash GD is //not// beautiful (no fractals, wavelets or high-end filters). It's designed to be fast, light on CPU and to produce images which are easy to differentiate.
===== Examples =====
The vizhash of the string "hi" in different sizes:
| 16x16:
| 80x80:
| 128x128:
| 256x256:
|
| 32x32:
| Stretched vertically:\\ 32x128:
| Stretched horizontally:\\ 128x32:
| ::: |
A few domain names hashed:
| facebook.com
| mozilla.com
| twitter.com
| commentcamarche.net
|
| google.fr
| siteduzero.com
| slashdot.org
| sourceforge.net
|
(Yes, I know it's ugly. But beauty is not the point.)
===== Licence =====
Vizhash_GD is under the [[http://www.opensource.org/licenses/zlib-license.php|zlib/libpng OSI licence]].
===== Source =====
Current version is 0.0.4 beta.
It's only play-test code and could probably be improved, but it works.
* Source: [[VizHash GD source]]
An online service is available for you to test: [[http://sebsauvage.net/vizhash_gd.php|http://sebsauvage.net/vizhash_gd.php]] - **PLEASE DO NOT HAMMER THIS SERVICE** or I will have to take it down. Do not hotlink images to this URL: Install the script on your own server. Thank you.
===== Applications =====
Many applications can be envisioned:
* **Avatars**: VizHash can be used as an avatar in forums or blog comments. Simply hash the IP (or email) address and feed into VizHash GD and BAM ! You have a unique icon for each visitor, specific to its IP or email address. Example: It is currently is in use in discussions on this wiki (3 lines modified in DokuWiki), and also in [[php:zerobin|ZeroBin]] discussions.
* **File integrity**: Instead of the cumbersome manual comparison of MD5 after downloading a file, you could check the integrity of the file in an eye-blink (A file manager extension could be developed for this purpose). If the visual hash matches, the file is valid. See [[http://sebsauvage.net/rhaa/index.php?2010/05/27/20/38/53-tabjacking-est-ce-vraiment-un-probleme|this article]] (in French) for a mock screenshot.
* **Protection against TabJacking**: VizHash could be used - for example - as a persona in Firefox to give a visual hint of the real domain the user is currently on. See [[http://sebsauvage.net/rhaa/index.php?2010/05/27/20/38/53-tabjacking-est-ce-vraiment-un-probleme|this article]] (in French) for a mock screenshot.
* **Password check** : Make sure you typed the right password without displaying it on screen (à la Lotus Notes).
* Anything you can think of...
===== Links =====
==== Java implementation ====
Edouard de Labareyre has developed a Java version of Vizhash GD which is visually compatible with the php version (This means that the generated images are the same between the Java and php version for the same input).
* [[http://codingteam.net/project/inouire_mini_projects/browse/VizHash4j/src/src/net/inouire/vizhash4j/VizHashPanel.java|Source code]]
* [[http://codingteam.net/project/inouire_mini_projects/download/file/vizhash4j_0.1.jar|JAR file]]
==== Javascript implementation ====
Sam & Max has implemented a visual hash in javascript which uses HTML5 canvas. It is visually //close// (but not identical) to the php and java version. VizHash.js is under the zlib/libpng licence.
* [[http://sametmax.com/vizhash-js-notre-implementation-libre-de-hash-visuel-utilisant-html5-canvas/|Article]] (in french)
* [[http://jsfiddle.net/tXKj8/4/light/|Password hash example]] (on jsFiddle)
* [[https://github.com/sametmax/VizHash.js/zipball/master|Download the lib]] (zip file)
==== Other visual hashes: ====
* https://github.com/luxcem/vizhash
* [[http://en.wikipedia.org/wiki/Identicon|Identicon]]
* [[http://digitalconsumption.com/forum/Visiglyphs-for-IP-visualisation|Visiglyphs]]
* [[http://www.pinkandaint.com/oldhome/comp/visprint/|Visprint]]
* [[http://broadcast.oreilly.com/2008/11/ssh-visual-fingerprints.html|OpenSSH]] also has its visual hash implementation, in ascii art.
* [[http://www.chrisharrison.net/projects/visualhash/|VisualHash]] by Chris Harrison.
* [[http://www.splitbrain.org/projects/monsterid|MonsterID]] creates a unique avatar built from different monster pieces picked according to IP or email adress of visitors.
* [[https://robohash.org/|RoboHash]], with three different facestyles and optional background. [[https://github.com/e1ven/Robohash|Opensource]].
* [[http://catavatar.ml/|catavatar.ml]]
* I lost a few links - doh.
~~DISCUSSION:closed~~