Hi Michael,

Yes... I have a requirement that the server that authenticates the password can be running on different platforms at different times..... Can you tell me if there is a way to get identical passwords for a given string whichever platform the SHA1 algorithm is run on?

Thanks.
-Siva

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Chang
Sent: Monday, June 17, 2002 5:51 PM
To: [EMAIL PROTECTED]
Subject: Re: machine independent hash

Hmm. I could be missing something here, but I see no need to be able to have SHA1() compute the same digest on all platforms, unless you will be moving the password file from machine to machine (assuming you *are* using a password file).

Really, the client sends passwords raw (well, over an encrypted transport, ideally), and it is the server which computes a hash against the received password. It is also the server which maintains the username/password database(s). Therefore, all of the digest computations are performed on the *same machine.*

Let me know if I'm missing something crucial here, since I just wrote a server stub that does exactly the above. Otherwise, I think I have it right.

Michael

On Mon, 17 Jun 2002, Sivaselvam CN wrote:

> Hi All,
>
> I am in need of a secure "one way hash" algorithm and I want to use
> the right one available with the OpenSSL. I want to store passwords after
> one way hashing so that the passwords are not stored on disk as clear
> text.
>
> 1) I have found (correct me if I am wrong) that SHA1 is the right
> algorithm for the new applications (one producing 160 bit digest)
> compared to MD5 (one with 128 bit digest). Hence I decided to use SHA1
> algorithm. The problem I have is that the hash value for a given string
> is not unique across different platforms. I used the following function
> in "sha.h" file
>
> "unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md)".
>
> This generates a hash string from the password string. When I generate
> the hash for a given string repeatedly, the hash is same all the times
> on a given platform. But it is not identical across platforms (windows
> and Linux, both on Intel). Is this the expected behavior or am I making
> an error somewhere?
>
> 2) If this is the expected behavior, how to make the SHA1 algorithm
> generate the same hash for a given string across all platforms?
>
> 3) I get identical hash values if I use the
>
> "char *des_crypt(const char *buf,const char *salt)" function in des.h
>
> The doc says this is "crypt algorithm". This function takes a
> seed(salt) value along with the password and generates a hash. Is this a
> "one way hash" algorithm?
>
> 4) Does "des_crypt" give identical outputs across all platforms because
> it uses a seed? Or is using a seed in the hash a way to generate identical
> outputs across all platforms?
>
>
> Thanks in advance
> -Siva
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>

--
/* BEGIN SIG ---------------------------------------------------------------
 * "It might look like I'm doing nothing, but at the cellular level
 * I'm really quite busy."
 * ---anonymous
 *
 *
 * -----BEGIN GEEK CODE BLOCK-----
 * Version: 3.1
 * GCS/P/H/L/O d- s-:-- a26 C++(+++) UL+++$>++++ P++ L+++ !E W+++ N- o? K-
 * w--(---) !O M+ !V PS+ PE- Y-- PGP- t+ 5-(--) X(-) R* tv b+ DI-- D-- G e+>++
 * h+ r* y--
 * ------END GEEK CODE BLOCK------
 ------------------------------------------------------------------------ --*/
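
An added example, not part of the thread and not OpenSSL code: SHA-1 depends only on the input bytes and their count, so a known-answer check plus a comparison of byte-level variants of the same password can locate a cross-platform mismatch like the one asked about. It uses Python's hashlib rather than the C API quoted above; the list of variants, the helper names and the sample password are assumptions, since the thread does not say what caused the difference.

```python
import hashlib

# Published SHA-1 test vector: every correct implementation, on every
# platform, returns this digest for the three bytes "abc".
ABC_DIGEST = "a9993e364706816aba3e25717850c26c9cd0d89d"


def sha1_hex(data: bytes) -> str:
    """Hex SHA-1 of exactly the bytes given (the d/n pair in the C call)."""
    return hashlib.sha1(data).hexdigest()


def candidate_inputs(password: str) -> dict:
    """Byte strings a caller may end up hashing for one typed password.

    Assumed variants (hypothetical causes, not taken from the thread).
    """
    raw = password.encode("utf-8")
    return {
        "exact bytes": raw,
        "trailing LF": raw + b"\n",
        "trailing CRLF": raw + b"\r\n",
        "NUL terminator counted in n": raw + b"\x00",
        "UTF-16LE wide characters": password.encode("utf-16-le"),
    }


def explain_digest(observed_hex: str, password: str) -> str:
    """Name the input variant that produces observed_hex, or 'no match'."""
    for label, data in candidate_inputs(password).items():
        if sha1_hex(data) == observed_hex.lower():
            return label
    return "no match"


if __name__ == "__main__":
    # Step 1: confirm the implementation itself with the known answer.
    assert sha1_hex(b"abc") == ABC_DIGEST
    # Step 2: show how each byte-level variant changes the digest.
    password = "secret"  # constructed sample input
    for label, data in candidate_inputs(password).items():
        print(f"{label:30} n={len(data):2} {sha1_hex(data)}")
    # Step 3: classify a digest reported by another platform.
    other_platform = sha1_hex(b"secret\r\n")  # constructed sample digest
    print("other platform hashed:", explain_digest(other_platform, password))
```

If the known-answer check passes on both platforms but stored digests still differ, compare the hex of the raw 20-byte output and the exact length passed as n on each side.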