Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Create sha1 hashes using openssl UNIX
OS X has a tool for computing the md5 hash of a file -- just type md5 filename in the Terminal window. However, I wanted to use the stronger sha1 hash algorithm, but there is no sha1 tool. It turns out that you can use openssl, which comes with OS X, to do this. In the Terminal window, type openssl sha1 filename.
    •    
  • Currently 2.00 / 5
  You rated: 1 / 5 (5 votes cast)
 
[10,469 views]  

Create sha1 hashes using openssl | 3 comments | Create New Account
Click here to return to the 'Create sha1 hashes using openssl' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Create sha1 hashes using openssl
Authored by: hopthrisC on Mar 01, '04 05:40:41PM

Just as clarification for the cryptographically uninitiated (nothing wrong with the posting!):

SHA1 is considered to be more secure than md5, which in turn is more secure than it's predecessor md4 (which is proven breakable). But on the other hand, SHA1 consumes more CPU time than md5, which can gain up to 50% on SHA1 when processing large files.

Secure meaning that an attacker cannot modify a file without changing the md5 or SHA1 hash. (Even if he can, he most probably has to change something obvious, like the file size).

If you only need to check integrity of files against accidents like hard disk crashes or noisy network connections, md4 (or even crc32) is probably all you ever need, while it saves even more time. The chance that a corrupted file has exactly the same hash (= checksum) as the original version is so small it isn't funny.



[ Reply to This | # ]
Create sha1 hashes using openssl
Authored by: the1truestripes on Mar 01, '04 06:30:26PM
Secure meaning that an attacker cannot modify a file without changing the md5 or SHA1 hash. (Even if he can, he most probably has to change something obvious, like the file size).

To clarify changing a file should change the hash (aka checksum) - that is what they are for! Normal checksums are geared towards detecting normal kinds of modifications (transposed charactors for manually entered input, butsts of bit errors for data transmitions), and towards being fast.

With normal hashes it is possiable to modify the contents of the file (or whatever is being hashed) and find a way to keep the checksum constant. When protecting against randomish errors this is fine. If you are trying to protect against a (potentally!) smart atacker it isn't so fine.

Cryptoragraphically strong hashes should change half their bits if there is a single bit change in their input. It should be expensave to determine which half too :-)

[ Reply to This | # ]

SHA1 vs MD5
Authored by: porkchop_d_clown on Mar 02, '04 11:10:36AM

What happened to MD5, has it been exploited?

Why did you go to sha1?

---
Everyone loves a clown, but no one will lend him money!



[ Reply to This | # ]