SHA: Difference between revisions
No edit summary |
|||
(8 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
SHA-0 (Secure Hash Algorithm) was a proposal by the U.S. government that was replaced by SHA-1 in FIPS 180-1. SHA-1 addresses the weakness found in SHA-0 by adding an additional circular shift operation. SHA-1 has [http://theory.csail.mit.edu/~yiqun/shanote.pdf a reported weakness] as far as [[hash collision]]s are concerned and awareness should be raised if you are implementing it. | SHA-0 (Secure Hash Algorithm) was a proposal by the U.S. government that was replaced by SHA-1 in FIPS 180-1. SHA-1 addresses the weakness found in SHA-0 by adding an additional circular shift operation, thus deprecated SHA-0. SHA-1 has [http://theory.csail.mit.edu/~yiqun/shanote.pdf a reported weakness] as far as [[hash collision]]s are concerned and awareness should be raised if you are implementing it. | ||
If you have the sha1 application installed, you can make use of the command like so: | |||
$ sha1 /etc/passwd | $ sha1 /etc/passwd | ||
SHA1 (/etc/passwd) = c7ae5b7306797d9f1f5fba85683cdd36ba8d1a08 | SHA1 (/etc/passwd) = c7ae5b7306797d9f1f5fba85683cdd36ba8d1a08 | ||
=== Using SHA256+ in OpenBSD and NetBSD === | |||
As of OpenBSD 4.5 and NetBSD 4.0 the cksum command does SHA256, SHA384 and SHA512 the command is done like so: | |||
$ cksum -a sha256 /dev/null | |||
SHA256 (/dev/null) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | |||
$ cksum -a sha384 /dev/null | |||
SHA384 (/dev/null) = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b | |||
$ cksum -a sha512 /dev/null | |||
SHA512 (/dev/null) = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e | |||
A neat feature in OpenBSD is the -b flag in cksum which outputs the SHA checksum in base64: | |||
$ cksum -a sha512 -b /dev/null | |||
SHA512 (/dev/null) = z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg== | |||
The checksum is against the binary, NOT the hexdump of normal sha512. | |||
=== SHA256 in FreeBSD === | |||
FreeBSD 7.0-stable has a sha256 program: | |||
$ sha256 /dev/null | |||
SHA256 (/dev/null) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | |||
=== SHA256+ in Solaris 10 === | |||
Use the digest command: | |||
$ digest -v -a sha256 /dev/null | |||
sha256 (/dev/null) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | |||
$ digest -v -a sha384 /dev/null | |||
sha384 (/dev/null) = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b | |||
$ digest -v -a sha512 /dev/null | |||
sha512 (/dev/null) = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e | |||
=== Using SHA256+ in Linux === | |||
On Debian/Ubuntu: | |||
$ shasum -a 256 /dev/null | |||
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b936ca495991b7852b855 /dev/null | |||
# -a, --algorithm 1 (default), 224, 256, 384, 512, 512224, 512256 | |||
In this example it's OpenSuse 10.3, one has to use the openssl package: | |||
> openssl dgst -sha256 /dev/null | |||
SHA256(/dev/null)= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | |||
> openssl dgst -sha512 /dev/null | |||
SHA512(/dev/null)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e | |||
There doesn't seem to be a sha384 though. |
Latest revision as of 05:08, 7 February 2021
SHA-0 (Secure Hash Algorithm) was a proposal by the U.S. government that was replaced by SHA-1 in FIPS 180-1. SHA-1 addresses the weakness found in SHA-0 by adding an additional circular shift operation, thus deprecated SHA-0. SHA-1 has a reported weakness as far as hash collisions are concerned and awareness should be raised if you are implementing it.
If you have the sha1 application installed, you can make use of the command like so:
$ sha1 /etc/passwd SHA1 (/etc/passwd) = c7ae5b7306797d9f1f5fba85683cdd36ba8d1a08
Using SHA256+ in OpenBSD and NetBSD
As of OpenBSD 4.5 and NetBSD 4.0 the cksum command does SHA256, SHA384 and SHA512 the command is done like so:
$ cksum -a sha256 /dev/null SHA256 (/dev/null) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 $ cksum -a sha384 /dev/null SHA384 (/dev/null) = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b $ cksum -a sha512 /dev/null SHA512 (/dev/null) = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
A neat feature in OpenBSD is the -b flag in cksum which outputs the SHA checksum in base64:
$ cksum -a sha512 -b /dev/null SHA512 (/dev/null) = z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==
The checksum is against the binary, NOT the hexdump of normal sha512.
SHA256 in FreeBSD
FreeBSD 7.0-stable has a sha256 program:
$ sha256 /dev/null SHA256 (/dev/null) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256+ in Solaris 10
Use the digest command:
$ digest -v -a sha256 /dev/null sha256 (/dev/null) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 $ digest -v -a sha384 /dev/null sha384 (/dev/null) = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b $ digest -v -a sha512 /dev/null sha512 (/dev/null) = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
Using SHA256+ in Linux
On Debian/Ubuntu:
$ shasum -a 256 /dev/null e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b936ca495991b7852b855 /dev/null # -a, --algorithm 1 (default), 224, 256, 384, 512, 512224, 512256
In this example it's OpenSuse 10.3, one has to use the openssl package:
> openssl dgst -sha256 /dev/null SHA256(/dev/null)= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 > openssl dgst -sha512 /dev/null SHA512(/dev/null)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
There doesn't seem to be a sha384 though.