Table des matières
VizHash GD - a visual hash
What is a visual hash ?
MD5 and SHA1 are common hashing function, which produce a binary or hex string. A visual hash works the same, but produces an image.
Like MD5 or SHA1:
- It takes an arbitrary, variable-size input.
- It's a one-way function.
- The image is unique to the input string (it's a fingerprint)
- A single bit of difference in the input string produces a totally different image.
- It's not possible to deduce the input string from the image (except by bruteforcing).
What is VizHash GD ?
VisHash GD is an implementation of a visual hash in php. It is free software, under the zlib/libpng OSI licence.
- Can produce images up to 256x256.
- Visual hashes keep their visual features even if scaled (see examples below)
- Uses only php and basic GD (which are available almost everywhere). Does not use imagefilter GD functions (which are not available everywhere).
- Runs under php4 and php5.
- VizHash GD is not beautiful (no fractals, wavelets or high-end filters). It's designed to be fast, light on CPU and to produce images which are easy to differentiate.
The vizhash of the string "hi" in different sizes:
| 16x16:|| 80x80:|| 128x128:|| 256x256:
| 32x32:|| Stretched vertically:|
| Stretched horizontally:
A few domain names hashed:
| facebook.com|| mozilla.com|| twitter.com|| commentcamarche.net
| google.fr|| siteduzero.com|| slashdot.org|| sourceforge.net
(Yes, I know it's ugly. But beauty is not the point.)
Vizhash_GD is under the zlib/libpng OSI licence.
Current version is 0.0.4 beta. It's only play-test code and could probably be improved, but it works.
- Source: VizHash GD source
An online service is available for you to test: http://sebsauvage.net/vizhash_gd.php - PLEASE DO NOT HAMMER THIS SERVICE or I will have to take it down. Do not hotlink images to this URL: Install the script on your own server. Thank you.
Many applications can be envisioned:
- Avatars: VizHash can be used as an avatar in forums or blog comments. Simply hash the IP (or email) address and feed into VizHash GD and BAM ! You have a unique icon for each visitor, specific to its IP or email address. Example: It is currently is in use in discussions on this wiki (3 lines modified in DokuWiki), and also in ZeroBin discussions.
- File integrity: Instead of the cumbersome manual comparison of MD5 after downloading a file, you could check the integrity of the file in an eye-blink (A file manager extension could be developed for this purpose). If the visual hash matches, the file is valid. See this article (in French) for a mock screenshot.
- Protection against TabJacking: VizHash could be used - for example - as a persona in Firefox to give a visual hint of the real domain the user is currently on. See this article (in French) for a mock screenshot.
- Password check : Make sure you typed the right password without displaying it on screen (à la Lotus Notes).
- Anything you can think of…
Edouard de Labareyre has developed a Java version of Vizhash GD which is visually compatible with the php version (This means that the generated images are the same between the Java and php version for the same input).