OpenSSL SHA algorithm

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenSSL SHA algorithm

Swapnil Deshpande
Hi all,

Noob here. I recently discovered that the "-sha1" and "-sha" flags in the "openssl dgst" command produce different outputs. I thought those were the same algorithms but turns out they are not:

$ echo -n "password" | openssl dgst -sha

80072568beb3b2102325eb203f6d0ff92f5cef8e


$ echo -n "password" | openssl dgst -sha1

5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8


I am aware of SHA1 and the SHA-128 algorithm. 


1. What algorithm is used to generate hash when I use the "-sha" option?

2. What could I have done to get this answer to #1 in a better way? I am asking this because I tried to find what algorithm is being used through the "help" option as well as trying to search via "man openssl" but couldn't find anything. I also did a basic search for "openssl sha vs sha1" and couldn't find any relevant results. If there was a better way to know more about this option (say by reading some documentation), I'd be glad to know about it. 


Merry Christmas. 


Regards,

Swapnil


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL SHA algorithm

Dennis Clarke-2
On 25/12/17 10:44 PM, Swapnil Deshpande wrote:

> Hi all,
>
> Noob here. I recently discovered that the "-sha1" and "-sha" flags in
> the "openssl dgst" command produce different outputs. I thought those
> were the same algorithms but turns out they are not:
>
> $ echo -n "password" | openssl dgst -sha
>
> 80072568beb3b2102325eb203f6d0ff92f5cef8e
>
>
> $ echo -n "password" | openssl dgst -sha1
>
> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
>



A quick google shows :

SHA0x01 80072568beb3b2102325eb203f6d0ff92f5cef8e:password
SHA0x02 63addb5d2099f2d9b44210063c6b9aa74b2d7017:password
SHA0x03 a958d2144134061b83e164acb74de1d2fa9b1970:password
SHA0x04 a72a9711884c867812110bcfbb60fb87550e3810:password
SHA0x05 7d57e2c9ad5cbee4cd75e32814efb1a8dbc7384f:password

https://gist.github.com/rumikotakahashi/f3d377ff81e878f7fffb4b38cc9f4bf6

dc
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL SHA algorithm

Dave Coombs
In reply to this post by Swapnil Deshpande
Hi,

Wikipedia has some information.


What is produced by "dgst -sha" is what the above link is calling SHA-0 (originally just called SHA).

All the best,
  -Dave


On Dec 25, 2017, at 22:44, Swapnil Deshpande <[hidden email]> wrote:

Hi all,

Noob here. I recently discovered that the "-sha1" and "-sha" flags in the "openssl dgst" command produce different outputs. I thought those were the same algorithms but turns out they are not:

$ echo -n "password" | openssl dgst -sha
80072568beb3b2102325eb203f6d0ff92f5cef8e

$ echo -n "password" | openssl dgst -sha1
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

I am aware of SHA1 and the SHA-128 algorithm. 

1. What algorithm is used to generate hash when I use the "-sha" option?
2. What could I have done to get this answer to #1 in a better way? I am asking this because I tried to find what algorithm is being used through the "help" option as well as trying to search via "man openssl" but couldn't find anything. I also did a basic search for "openssl sha vs sha1" and couldn't find any relevant results. If there was a better way to know more about this option (say by reading some documentation), I'd be glad to know about it. 

Merry Christmas. 

Regards,
Swapnil
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL SHA algorithm

Kurt Roeckx
In reply to this post by Swapnil Deshpande
On Mon, Dec 25, 2017 at 07:44:58PM -0800, Swapnil Deshpande wrote:

> Hi all,
>
> Noob here. I recently discovered that the "-sha1" and "-sha" flags in the
> "openssl dgst" command produce different outputs. I thought those were the
> same algorithms but turns out they are not:
>
> $ echo -n "password" | openssl dgst -sha
>
> 80072568beb3b2102325eb203f6d0ff92f5cef8e
>
>
> $ echo -n "password" | openssl dgst -sha1
>
> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
>
>
> I am aware of SHA1 and the SHA-128 algorithm.
>
>
> 1. What algorithm is used to generate hash when I use the "-sha" option?

It's the original SHA algorithm, which people will now refer to as
SHA-0. It has some minor but important changes compared to SHA-1.

> 2. What could I have done to get this answer to #1 in a better way? I am
> asking this because I tried to find what algorithm is being used through
> the "help" option as well as trying to search via "man openssl" but
> couldn't find anything. I also did a basic search for "openssl sha vs sha1"
> and couldn't find any relevant results. If there was a better way to know
> more about this option (say by reading some documentation), I'd be glad to
> know about it.

I started a pull request:
https://github.com/openssl/openssl/pull/4979

There are probably other changes that should happen.


Kurt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL SHA algorithm

Swapnil Deshpande
Thanks all, this has been really helpful. 

On Tue, Dec 26, 2017 at 5:44 AM, Kurt Roeckx <[hidden email]> wrote:
On Mon, Dec 25, 2017 at 07:44:58PM -0800, Swapnil Deshpande wrote:
> Hi all,
>
> Noob here. I recently discovered that the "-sha1" and "-sha" flags in the
> "openssl dgst" command produce different outputs. I thought those were the
> same algorithms but turns out they are not:
>
> $ echo -n "password" | openssl dgst -sha
>
> 80072568beb3b2102325eb203f6d0ff92f5cef8e
>
>
> $ echo -n "password" | openssl dgst -sha1
>
> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
>
>
> I am aware of SHA1 and the SHA-128 algorithm.
>
>
> 1. What algorithm is used to generate hash when I use the "-sha" option?

It's the original SHA algorithm, which people will now refer to as
SHA-0. It has some minor but important changes compared to SHA-1.

> 2. What could I have done to get this answer to #1 in a better way? I am
> asking this because I tried to find what algorithm is being used through
> the "help" option as well as trying to search via "man openssl" but
> couldn't find anything. I also did a basic search for "openssl sha vs sha1"
> and couldn't find any relevant results. If there was a better way to know
> more about this option (say by reading some documentation), I'd be glad to
> know about it.

I started a pull request:
https://github.com/openssl/openssl/pull/4979

There are probably other changes that should happen.


Kurt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users