HashLib - Cryptographic hashes in pure Lua

Performance wise? Sure.
But why would you be doing that?

I’m interested in knowing why he would as well.

What can be a good use for it?

The Game Analytics SDK uses it now, which is a good example of the use of it.

Yo, I’m glad you decided to make this because I have a desire to tinker with cryptography! Sent you a friend request on Roblox so I don’t forget to credit you if anything comes of it. Thanks BB and HMS

I don’t think he accepts friend requests from random people. He’s a pretty busy guy. You’d an credit him in the description of your game without friending him.

Thanks for being his spokesman. I was just kidding! How do I decrypt the hash spokesman? I’m hardly random, just keeping the thread alive lol but seriously! How do I reverse the hash back into what it was? People I don’t know are always telling me what to do! shameful.

As stated previously, it is not meant to be decoded.

This is because it is not intended to encrypt/decrypt data for, say, communicating with a remote server but for use to store credentials (such as passwords) instead of the raw string i.e. If you have a password in your game, then instead of doing

local password: string = "password123"

which could potentially be discovered, ruining the point of a password you can do

local password: string = "ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f"

and then you can check the password by converting the input using the same hash function, for example:

local hashLib = require(script.HashLib)
local password: string = "ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f"
local inputBox: TextBox

inputBox:GetPropertyChangedSignal("Text"):Connect(function()
	local hashedString: string = HashLib.sha256(inputBox.Text) -- Doesn't matter which algorithm, so long as it is the same as the pre-defined variable
	if hashedString == password then
		-- Correct password
	else
		-- Wrong password
	end
end)

Edit: I know this is 3 months after you posted but I only looked at this module now and figured it might still be useful.
Edit2: Came back to change code to Luau style guide format.

I appreciate your reply. I find this information very useful as it goes hand in hand with block chaining but the password scenario is even sweeter!

how to un-hash a hashed strings into a proper word using this module?

See boatbomber’s, buildthomases, and my own reply. You cannot “decrypt” a checksum (hashed text) because it is never encrypted. The whole point of hash functions are to create a deterministic checksum, that cannot be converted back (i.e. The hash function has pre-image resistance - given h(x) it should be infeasible to determine x).

I suggest you upload another variant of this as a Github Repository for people who wish to use this externally and from an official source.

Was just searching for this on Wally since I had HashLib vendored in a project I’m a collaborator on. Now that I know this exists and that it’s on Wally, I will be switching all my other hashing implementations over to HashLib. Nice to know this is available!

Super happy with this, it provides a wide range of hashing functions and looks to be highly performant too! My go-to module supports only SHA256 and I don’t dare find out if it’s really unoptimised. If anyone wants a use case, I use hashing to enforce the server being the only machine allowed to connect players to other places in an experience as the option is not natively provided.

Best part is that there’s no colon syntax on the exported functions so this works well with import destructuring when I’m only concerned about using one hashing method.

HashLib on Wally

Looking at the gist of original base64 module it looks like a new version has been released by the creator of it, perhaps worth taking a look at and/or making some changes if needed!

Also I recommend renaming the HashLib (main module) to “MainModule” for sake of easier requiring from an official online source (my Github OpenSource suggestion still stands)

local x = require(4544052033) print(x)

Source: Roblox Globals | Documentation - Roblox Creator Hub

This module is for hashing text, and that also implies allowing for better security in games. Requiring IDs is not secure, and will take some extra time to load.

Care to elaborate about

?
Also, I rather have latest & greatest version for safety rather than an offline & local version that can potentially become outdated without me knowing.

The module can be changed at any time, meaning a backdoor can be added, or functionality changes which breaks games without notice. I like to insert modules instead of requiring their ID because of this.

This logic applies to all modules out there, and it doesn’t mean we should be staying away from using require’s convenient feature like this. Nor does this prevent you from using an offline version, up to the preference really. It’s all about having options to choose from.

Sorry for the necro but I think what hes trying to say is to not have a bunch of requires for your game for the following reasons:

1. If it’s untrusted / gets into the wrong hands you could get a backdoor in your game.
2. You are having to load in all of the modules at runtime for your game which is not good for timing as you might need them before they are loaded.
3. You won’t get the intelisense because you don’t know the contents.
4. As your game get’s older if the package updates it could break your game where as if you had a static module then it would work forever (unless roblox dose that thing where the deprecate features and break games)