Hashing Using the OpenSSL Toolkit

August 15, 2016

In part 1 of this series on hashing, we explored how to run hashing commands from the command line in Linux, OSX, and Windows 10. Part 2 took a broader look at hashing and its uses. In this, part 3, we’ll look at one more way to produce a hash from the command line in most variations of open-source *nix, using the OpenSSL toolkit.

 

As stated before, cryptographic hashing helps to assure file and data integrity by providing a one-way data-map of the data being hashed. The hashing algorithm produces a string of characters that represents the data being hashed, and that string will change if the data is modified in any way, whether intentionally or unintentionally.

 

Before we move on to the exercise, here’s a quick overview of a weakness of this cryptographic function known as a “collision.” If you’re familiar with hashing, you will have noticed that the output is simply a string of characters, the length of which is determined by the hashing function that’s chosen. If an attacker can find a piece of data that produces the same hash string as the data being protected, a collision has taken place. For instance, if I hash a file and the output of the hash process is “jsbfsj”, a collision takes place if a completely different file is hashed and also outputs the string “jsbfsj”.

 

In the case of a password hash, an attacker may not need to know my password if they have the ability to produce the same hash. In other words, if my password is “dog” and the password hash = “kjhll”, and then an attacker discovers that “this isdiff3r3nt” also produces the password hash = “kjhll”, either “dog” or “this isdiff3r3nt” would suffice to compromise my account. When increased processing power and/or weak algorithms begin to increase the likelihood of being able to produce a collision, it’s time to begin using a stronger hashing algorithm.

 

Let’s move on to hashing using OpenSSL. In part 2 we saw that another name for a hash is a digest. It’s important to recognize the various names. Why? Because if you look at the man page for OpenSSL (man openssl), you will see the text “Calculation of Message Digests” listed. Further, the command that performs hashing in the OpenSSL toolkit is “dgst”. OpenSSL is so large that “openssl” is only the application part of the command-line string; you also need to provide a “standard command”. Let’s see this happen.

 

Using the test file from Part 1 (or any file that you want to use), open up a command terminal and get an MD5 hash using the md5sum program (on Linux):

pig-pig:tmp$ md5sum test_file.txt

f0eac7ea373ec547cc3dee88a3c50a3a  test_file.txt

 

Now, let’s use OpenSSL to get an MD5 hash of the same file:

pig-pig:tmp$ openssl dgst -md5 test_file.txt

MD5(test_file.txt)= f0eac7ea373ec547cc3dee88a3c50a3a

 

Notice that we used 2 different programs to provide the hashes, but the hash-strings (digests) are the same. They should be. And just for clarification, the md5sum program belongs to the coreutils package on my Debian system, while the OpenSSL program belongs to the OpenSSL package.
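The comparison above can be scripted. The following is an added example, not part of the original article: it strips each tool's output format down to the bare digest, checks that openssl dgst and the coreutils tool agree, and compares the result to an expected value. It goes beyond the MD5 case in the text by also checking SHA-256; the function names and the three-byte sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# sample file are constructed for illustration.

# "openssl dgst" prints "ALG(file)= <hex>"; the hex digest is the last field.
openssl_digest() {      # usage: openssl_digest <md5|sha256> <file>
    openssl dgst "-$1" "$2" | awk '{ print $NF }'
}

# md5sum / sha256sum print "<hex>  <file>"; the hex digest is the first field.
coreutils_digest() {    # usage: coreutils_digest <md5|sha256> <file>
    "${1}sum" "$2" | awk '{ print $1 }'
}

# Succeeds only if both tools agree and the digest equals the expected value.
# An empty digest (tool failed, file missing) counts as a mismatch.
verify_file() {         # usage: verify_file <alg> <file> <expected-hex>
    want=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    got=$(openssl_digest "$1" "$2")
    [ -n "$got" ] && [ "$got" = "$(coreutils_digest "$1" "$2")" ] && [ "$got" = "$want" ]
}

demo() {
    f=$(mktemp) || return 1
    printf 'abc' > "$f"     # constructed sample: the three bytes "abc"
    md5=900150983cd24fb0d6963f7d28e17f72
    sha=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    verify_file md5 "$f" "$md5" && echo "md5: match"
    verify_file sha256 "$f" "$sha" && echo "sha256: match"
    printf 'abd' > "$f"     # change a single byte
    verify_file sha256 "$f" "$sha" || echo "sha256: MISMATCH after modification"
    rm -f "$f"
}
demo
```
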

 

In summary, hashing has many uses in basic computer operations. Most of the time these operations are performed without user intervention. But, when needed, a user can start a terminal window and perform a manual hash. You should get friendly with the man pages for these commands. With the exception of OpenSSL, the commands have only a few switches, and most importantly, you need to know which hashes your system supports. OpenSSL is a whole different ball of fun. I plan on visiting this suite of tools soon.

3 Comments
  1. Keep in mind also that Windows file systems can’t handle the fact that a file might be an odd number of bytes and will pad the file in that case. Taking a checksum (hash) of the same file on Windows and a Unix-like operating system will often result in different hash values, regardless of whether the files are actually different or not due to the on-disk padding.

    • Thanks for the reply. In part 1 we did receive the same hash across different OSes, including Windows 10. But as you said, that may not always be the case and we should be aware of this. In most cases that I have seen, the difference in the returned hash is due to the tool being used rather than the file system.

  2. nice tool
