Difference between revisions of "SHA"
From Hackepedia
Jump to navigationJump to searchm (sha256 -> sha512 in OpenBSD) |
|||
| Line 5: | Line 5: | ||
$ sha1 /etc/passwd | $ sha1 /etc/passwd | ||
SHA1 (/etc/passwd) = c7ae5b7306797d9f1f5fba85683cdd36ba8d1a08 | SHA1 (/etc/passwd) = c7ae5b7306797d9f1f5fba85683cdd36ba8d1a08 | ||
| + | |||
| + | === Using SHA256+ in OpenBSD === | ||
| + | |||
| + | As of OpenBSD 4.5 the cksum command does SHA256, SHA384 and SHA512 the command is done like so: | ||
| + | |||
| + | $ cksum -a sha256 /dev/null | ||
| + | SHA256 (/dev/null) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | ||
| + | $ cksum -a sha384 /dev/null | ||
| + | SHA384 (/dev/null) = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b | ||
| + | $ cksum -a sha512 /dev/null | ||
| + | SHA512 (/dev/null) = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e | ||
| + | |||
| + | A neat feature is the -b flag in cksum which outputs the SHA checksum in base64: | ||
| + | |||
| + | $ cksum -a sha512 -b /dev/null | ||
| + | SHA512 (/dev/null) = z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg== | ||
| + | |||
| + | The checksum is against the binary representation not the hexdump of normal sha512. | ||
Revision as of 10:49, 10 May 2009
SHA-0 (Secure Hash Algorithm) was a proposal by the U.S. government that was replaced by SHA-1 in FIPS 180-1. SHA-1 addresses the weakness found in SHA-0 by adding an additional circular shift operation, thus deprecated SHA-0. SHA-1 has a reported weakness as far as hash collisions are concerned and awareness should be raised if you are implementing it.
If you have the sha1 application installed, you can make use of the command like so:
$ sha1 /etc/passwd SHA1 (/etc/passwd) = c7ae5b7306797d9f1f5fba85683cdd36ba8d1a08
Using SHA256+ in OpenBSD
As of OpenBSD 4.5 the cksum command does SHA256, SHA384 and SHA512 the command is done like so:
$ cksum -a sha256 /dev/null SHA256 (/dev/null) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 $ cksum -a sha384 /dev/null SHA384 (/dev/null) = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b $ cksum -a sha512 /dev/null SHA512 (/dev/null) = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
A neat feature is the -b flag in cksum which outputs the SHA checksum in base64:
$ cksum -a sha512 -b /dev/null SHA512 (/dev/null) = z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==
The checksum is against the binary representation not the hexdump of normal sha512.
