5

i have developed a web application where a user can select multiple files via a input field. Then the sha-256 checksums are calculated by the following code. The code (taken from developer.mozilla.org) only works for small files. What do I have to change to handle large files (e.g. 1GB+) too? 

function sha256(buffer){
  return crypto.subtle.digest("SHA-256", buffer).then(function (hash) {
    return hex(hash);
  });
}

function hex(buffer) {
  var hexCodes = [];
  var view = new DataView(buffer);
  for (var i = 0; i < view.byteLength; i += 4) {
    // Using getUint32 reduces the number of iterations needed (we process 4 bytes each time)
    var value = view.getUint32(i)
    // toString(16) will give the hex representation of the number without padding
    var stringValue = value.toString(16)
    // We use concatenation and slice for padding
    var padding = '00000000'
    var paddedValue = (padding + stringValue).slice(-padding.length)
    hexCodes.push(paddedValue);
  }

  // Join all the hex strings into one
  return hexCodes.join("");
}
Jürgen
  • 71
  • 2
  • does this internal digest to your application or some other parties will test it? – kelalaka Oct 10 '18 at 11:51
  • the function sha256 takes an ArrayBuffer as argument and returns a string (sha256-hash-string). In my application i read a file as ArrayBuffer then i call the sha256 from that and alert the resulting hash. with small files a alert box opens and shows the correct hash but with large files there is no alert box. – Jürgen Oct 10 '18 at 12:19
  • I look for the limitation but couldn't find. One must have looked a the implementation. If the digest is not going to be used outside of your application than I can give a simple solution to you. If you aim to send the digest to third parties to be checked no solution yet. – kelalaka Oct 10 '18 at 12:31
  • what is the simple solution? – Jürgen Oct 10 '18 at 13:16
  • well, divide the file into, smaller size that is acceptable by crypto.subtle.digest. get the digest and prepend it to the next one,... The problem; this will not be the same digest as the whole file. Since the SHA-256 adds some padding at the end. This will be the non-standard usage of the SHA-256 but will have same collusion resistance, pre-image and second pre-image attack resistance. – kelalaka Oct 10 '18 at 13:21
  • Your code works for any size of `buffer`. So, what doesn't work for large files? – President James K. Polk Oct 10 '18 at 19:07
  • https://stackoverflow.com/questions/8974375/whats-the-maximum-size-of-a-node-js-buffer – kelalaka Oct 10 '18 at 22:20
  • Oh, I see. Yes, it looks like that particular API is useless for hashing gigabytes of data. – President James K. Polk Oct 10 '18 at 23:49

0 Answers0