// VulnBank - Cryptography with intentional vulnerabilities
//
// Vulnerabilities:
// - MD5 for hashing (collision attacks)
// - SHA1 for hashing (collision attacks)
// - RC4 stream cipher (multiple attacks)
package main

import (
	"crypto/md5"
	"crypto/rc4"
	"crypto/sha1"
	"encoding/hex"
)

// HashPasswordMD5 uses broken MD5 algorithm
// VULNERABILITY: MD5 has practical collision attacks since 2004
func HashPasswordMD5(password string) string {
	// BLOCK: MD5 is cryptographically broken - use SHA-256 or better
	hash := md5.New()
	hash.Write([]byte(password))
	return hex.EncodeToString(hash.Sum(nil))
}

// HashDocumentSHA1 uses broken SHA1 algorithm
// VULNERABILITY: SHA1 has practical collision attacks (SHAttered, 2017)
func HashDocumentSHA1(data []byte) string {
	// BLOCK: SHA1 is cryptographically broken - use SHA-256 or better
	hash := sha1.Sum(data)
	return hex.EncodeToString(hash[:])
}

// EncryptRC4 uses broken RC4 stream cipher
// VULNERABILITY: RC4 has multiple known attacks
func EncryptRC4(key, plaintext []byte) ([]byte, error) {
	// BLOCK: RC4 has known weaknesses - use AES-GCM instead
	cipher, err := rc4.NewCipher(key)
	if err != nil {
		return nil, err
	}

	ciphertext := make([]byte, len(plaintext))
	cipher.XORKeyStream(ciphertext, plaintext)
	return ciphertext, nil
}

// GenerateChecksum uses MD5 for file integrity
// VULNERABILITY: MD5 allows collision attacks on file integrity
func GenerateChecksum(data []byte) string {
	// BLOCK: MD5 for checksums allows malicious file substitution
	hash := md5.Sum(data)
	return hex.EncodeToString(hash[:])
}