4 use vars qw($VERSION %MMAP $AUTOLOAD);
9 "SHA-1" => [["Digest::SHA", 1], "Digest::SHA1", ["Digest::SHA2", 1]],
10 "SHA-224" => [["Digest::SHA", 224]],
11 "SHA-256" => [["Digest::SHA", 256], ["Digest::SHA2", 256]],
12 "SHA-384" => [["Digest::SHA", 384], ["Digest::SHA2", 384]],
13 "SHA-512" => [["Digest::SHA", 512], ["Digest::SHA2", 512]],
14 "HMAC-MD5" => "Digest::HMAC_MD5",
15 "HMAC-SHA-1" => "Digest::HMAC_SHA1",
16 "CRC-16" => [["Digest::CRC", type => "crc16"]],
17 "CRC-32" => [["Digest::CRC", type => "crc32"]],
18 "CRC-CCITT" => [["Digest::CRC", type => "crcccitt"]],
19 "RIPEMD-160" => "Crypt::PIPEMD160",
24 shift; # class ignored
25 my $algorithm = shift;
26 my $impl = $MMAP{$algorithm} || do {
27 $algorithm =~ s/\W+//;
30 $impl = [$impl] unless ref($impl);
35 ($class, @args) = @$class if ref($class);
37 unless (exists ${"$class\::"}{"VERSION"}) {
38 eval "require $class";
44 return $class->new(@args, @_);
52 my $algorithm = substr($AUTOLOAD, rindex($AUTOLOAD, '::')+2);
53 $class->new($algorithm, @_);
62 Digest - Modules that calculate message digests
66 $md5 = Digest->new("MD5");
67 $sha1 = Digest->new("SHA-1");
68 $sha256 = Digest->new("SHA-256");
69 $sha384 = Digest->new("SHA-384");
70 $sha512 = Digest->new("SHA-512");
72 $hmac = Digest->HMAC_MD5($key);
76 The C<Digest::> modules calculate digests, also called "fingerprints"
77 or "hashes", of some data, called a message. The digest is (usually)
78 some small/fixed size string. The actual size of the digest depend of
79 the algorithm used. The message is simply a sequence of arbitrary
82 An important property of the digest algorithms is that the digest is
83 I<likely> to change if the message change in some way. Another
84 property is that digest functions are one-way functions, that is it
85 should be I<hard> to find a message that correspond to some given
86 digest. Algorithms differ in how "likely" and how "hard", as well as
87 how efficient they are to compute.
89 Note that the properties of the algorithms change over time, as the
90 algorithms are analyzed and machines grow faster. If your application
91 for instance depends on it being "impossible" to generate the same
92 digest for a different message it is wise to make it easy to plug in
93 stronger algorithms as the one used grow weaker. Using the interface
94 documented here should make it easy to change algorithms later.
96 All C<Digest::> modules provide the same programming interface. A
97 functional interface for simple use, as well as an object oriented
98 interface that can handle messages of arbitrary length and which can
101 The digest can be delivered in three formats:
107 This is the most compact form, but it is not well suited for printing
108 or embedding in places that can't handle arbitrary data.
112 A twice as long string of lowercase hexadecimal digits.
116 A string of portable printable characters. This is the base64 encoded
117 representation of the digest with any trailing padding removed. The
118 string will be about 30% longer than the binary version.
119 L<MIME::Base64> tells you more about this encoding.
124 The functional interface is simply importable functions with the same
125 name as the algorithm. The functions take the message as argument and
126 return the digest. Example:
128 use Digest::MD5 qw(md5);
129 $digest = md5($message);
131 There are also versions of the functions with "_hex" or "_base64"
132 appended to the name, which returns the digest in the indicated form.
136 The following methods are available for all C<Digest::> modules:
140 =item $ctx = Digest->XXX($arg,...)
142 =item $ctx = Digest->new(XXX => $arg,...)
144 =item $ctx = Digest::XXX->new($arg,...)
146 The constructor returns some object that encapsulate the state of the
147 message-digest algorithm. You can add data to the object and finally
148 ask for the digest. The "XXX" should of course be replaced by the proper
149 name of the digest algorithm you want to use.
151 The two first forms are simply syntactic sugar which automatically
152 load the right module on first use. The second form allow you to use
153 algorithm names which contains letters which are not legal perl
154 identifiers, e.g. "SHA-1". If no implementation for the given algorithm
155 can be found, then an exception is raised.
157 If new() is called as an instance method (i.e. $ctx->new) it will just
158 reset the state the object to the state of a newly created object. No
159 new object is created in this case, and the return value is the
160 reference to the object (i.e. $ctx).
162 =item $other_ctx = $ctx->clone
164 The clone method creates a copy of the digest state object and returns
165 a reference to the copy.
169 This is just an alias for $ctx->new.
171 =item $ctx->add( $data )
173 =item $ctx->add( $chunk1, $chunk2, ... )
175 The string value of the $data provided as argument is appended to the
176 message we calculate the digest for. The return value is the $ctx
179 If more arguments are provided then they are all appended to the
180 message, thus all these lines will have the same effect on the state
183 $ctx->add("a"); $ctx->add("b"); $ctx->add("c");
184 $ctx->add("a")->add("b")->add("c");
185 $ctx->add("a", "b", "c");
188 Most algorithms are only defined for strings of bytes and this method
189 might therefore croak if the provided arguments contain chars with
190 ordinal number above 255.
192 =item $ctx->addfile( $io_handle )
194 The $io_handle is read until EOF and the content is appended to the
195 message we calculate the digest for. The return value is the $ctx
198 The addfile() method will croak() if it fails reading data for some
199 reason. If it croaks it is unpredictable what the state of the $ctx
200 object will be in. The addfile() method might have been able to read
201 the file partially before it failed. It is probably wise to discard
202 or reset the $ctx object if this occurs.
204 In most cases you want to make sure that the $io_handle is in
205 "binmode" before you pass it as argument to the addfile() method.
207 =item $ctx->add_bits( $data, $nbits )
209 =item $ctx->add_bits( $bitstring )
211 The add_bits() method is an alternative to add() that allow partial
212 bytes to be appended to the message. Most users should just ignore
213 this method as partial bytes is very unlikely to be of any practical
216 The two argument form of add_bits() will add the first $nbits bits
217 from $data. For the last potentially partial byte only the high order
218 C<< $nbits % 8 >> bits are used. If $nbits is greater than C<<
219 length($data) * 8 >>, then this method would do the same as C<<
222 The one argument form of add_bits() takes a $bitstring of "1" and "0"
223 chars as argument. It's a shorthand for C<< $ctx->add_bits(pack("B*",
224 $bitstring), length($bitstring)) >>.
226 The return value is the $ctx object itself.
228 This example shows two calls that should have the same effect:
230 $ctx->add_bits("111100001010");
231 $ctx->add_bits("\xF0\xA0", 12);
233 Most digest algorithms are byte based and for these it is not possible
234 to add bits that are not a multiple of 8, and the add_bits() method
235 will croak if you try.
239 Return the binary digest for the message.
241 Note that the C<digest> operation is effectively a destructive,
242 read-once operation. Once it has been performed, the $ctx object is
243 automatically C<reset> and can be used to calculate another digest
244 value. Call $ctx->clone->digest if you want to calculate the digest
245 without resetting the digest state.
247 =item $ctx->hexdigest
249 Same as $ctx->digest, but will return the digest in hexadecimal form.
251 =item $ctx->b64digest
253 Same as $ctx->digest, but will return the digest as a base64 encoded
260 This table should give some indication on the relative speed of
261 different algorithms. It is sorted by throughput based on a benchmark
262 done with of some implementations of this API:
264 Algorithm Size Implementation MB/s
266 MD4 128 Digest::MD4 v1.3 165.0
267 MD5 128 Digest::MD5 v2.33 98.8
268 SHA-256 256 Digest::SHA2 v1.1.0 66.7
269 SHA-1 160 Digest::SHA v4.3.1 58.9
270 SHA-1 160 Digest::SHA1 v2.10 48.8
271 SHA-256 256 Digest::SHA v4.3.1 41.3
272 Haval-256 256 Digest::Haval256 v1.0.4 39.8
273 SHA-384 384 Digest::SHA2 v1.1.0 19.6
274 SHA-512 512 Digest::SHA2 v1.1.0 19.3
275 SHA-384 384 Digest::SHA v4.3.1 19.2
276 SHA-512 512 Digest::SHA v4.3.1 19.2
277 Whirlpool 512 Digest::Whirlpool v1.0.2 13.0
278 MD2 128 Digest::MD2 v2.03 9.5
280 Adler-32 32 Digest::Adler32 v0.03 1.3
281 CRC-16 16 Digest::CRC v0.05 1.1
282 CRC-32 32 Digest::CRC v0.05 1.1
283 MD5 128 Digest::Perl::MD5 v1.5 1.0
284 CRC-CCITT 16 Digest::CRC v0.05 0.8
286 These numbers was achieved Apr 2004 with ActivePerl-5.8.3 running
287 under Linux on a P4 2.8 GHz CPU. The last 5 entries differ by being
288 pure perl implementations of the algorithms, which explains why they
293 L<Digest::Adler32>, L<Digest::CRC>, L<Digest::Haval256>,
294 L<Digest::HMAC>, L<Digest::MD2>, L<Digest::MD4>, L<Digest::MD5>,
295 L<Digest::SHA>, L<Digest::SHA1>, L<Digest::SHA2>, L<Digest::Whirlpool>
297 New digest implementations should consider subclassing from L<Digest::base>.
301 http://en.wikipedia.org/wiki/Cryptographic_hash_function
305 Gisle Aas <gisle@aas.no>
307 The C<Digest::> interface is based on the interface originally
308 developed by Neil Winton for his C<MD5> module.
310 This library is free software; you can redistribute it and/or
311 modify it under the same terms as Perl itself.
313 Copyright 1998-2006 Gisle Aas.
314 Copyright 1995,1996 Neil Winton.