Siva...
Take a look at the previous replies in the list to what I wrote below.
Apparently, the hashing algorithms in question produce the same output,
regardless of platform. That makes complete sense. As stated before, doing an
md5sum on, for example, file 'foo' on an Alpha will produce the same output as
the md5sum on the same file on an x86 machine. Same thing with SHA1.

>> But it is not identical across platforms (windows
>> and Linux, both on Intel). Is this the expected behavior or am I
>> making an error somewhere?

Are the hashes the same between Windows and Linux? Are you sure that your
code is the same? Where are you reading your password from? If you're reading
from a file, remember that EOLs on Linux and Windows are different (newline
versus CRLF, respectively).

Otherwise, if you're doing everything right, then my only explanation is that
the libraries are messed up somehow (but I find the latter harder to believe).

Make sure you strip off all newlines and carriage returns at the end of your
raw input, then do the hash. Compare the output, then, and you should get the
same results.

Michael

On Tue, 18 Jun 2002, Sivaselvam CN wrote:

> Hi Michael,
>
> Yes... I have a requirement that the server that authenticates the
> password can be running at the different platforms at different
> times..... Can you tell me if there is a way to get identical passwords
> for a given string whichever platform the SHA1 algorithm is run?
>
> Thanks.
>
> -Siva
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Chang
> Sent: Monday, June 17, 2002 5:51 PM
> To: [EMAIL PROTECTED]
> Subject: Re: machine independent hash
>
> Hmm. I could be missing something here, but I see no need to be able to
> have SHA1() compute the same digest on all platforms, unless you will be
> moving the password file from machine to machine (assuming you *are* using
> a password file).
>
> Really, the client sends passwords raw (well, over an encrypted transport,
> ideally), and it is the server which computes a hash against the received
> password. It is also the server which maintains the username/password
> database(s). Therefore, all of the digest computations are performed on
> the *same machine.*
>
> Let me know if I'm missing something crucial here, since I just wrote a
> server stub that does exactly the above. Otherwise, I think I have it
> right.
>
> Michael
>
> On Mon, 17 Jun 2002, Sivaselvam CN wrote:
>
> > Hi All,
> >
> > I am in need of a secure "one way hash" algorithm and I want to use the
> > right one available with the OpenSSL. I want to store passwords after
> > one way hashing so that the passwords are not stored on disk as clear
> > text.
> >
> > 1) I have found (correct me if I am wrong) that SHA1 is the right
> > algorithm for the new applications (one producing 160 bit digest)
> > compared to MD5 (one with 128 bit digest). Hence I decided to use SHA1
> > algorithm. The problem I have is that the hash value for a given string
> > is not unique across different platforms. I used the following function
> > in "sha.h" file
> >
> > "unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned
> > char *md)".
> >
> > This generates a hash string from the password string. When I generate
> > the hash for a given string repeatedly, the hash is same all the times
> > on a given platform. But it is not identical across platforms (windows
> > and Linux, both on Intel). Is this the expected behavior or am I making
> > an error somewhere?
> >
> > 2) If this is the expected behavior, how to make the SHA1 algorithm
> > generate the same hash for a given string across all platforms?
> >
> > 3) I get identical hash values if I use the
> >
> > "char *des_crypt(const char *buf,const char *salt)" function in des.h
> >
> > The doc says this is "crypt algorithm".
> > This function takes a seed(salt) value along with the password and
> > generates a hash. Is this a "one way hash" algorithm?
> >
> > 4) Does "des_crypt" give identical outputs across all platforms because
> > it uses a seed? Or is using a seed in the hash a way to generate
> > identical outputs across all platforms?
> >
> > Thanks in advance
> > -Siva
> >
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    [EMAIL PROTECTED]
> > Automated List Manager                           [EMAIL PROTECTED]

--
/* BEGIN SIG ---------------------------------------------------------------
 * "It might look like I'm doing nothing, but at the cellular level
 *  I'm really quite busy."
 *                                      ---anonymous
 *
 *
 * -----BEGIN GEEK CODE BLOCK-----
 * Version: 3.1
 * GCS/P/H/L/O d- s-:-- a26 C++(+++) UL+++$>++++ P++ L+++ !E W+++ N- o? K-
 * w--(---) !O M+ !V PS+ PE- Y-- PGP- t+ 5-(--) X(-) R* tv b+ DI-- D-- G e+>++
 * h+ r* y--
 * ------END GEEK CODE BLOCK------
 --------------------------------------------------------------------------*/
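
The line-ending pitfall described in the reply above, as an added example that is not part of the original thread: it hashes the same password line as it would be stored on Linux and on Windows, shows that stripping trailing CR/LF makes the SHA-1 digests agree, and includes a small diagnostic that names which line-ending variant produced a given digest. The sample password and the helper names (`sha1_hex`, `strip_eol`, `explain_mismatch`) are constructed for illustration, and Python's `hashlib` stands in for the OpenSSL `SHA1()` call discussed in the thread.

```python
import hashlib


def sha1_hex(data: bytes) -> str:
    """Hex SHA-1 digest of exactly the bytes given.

    Byte-identical input yields the same digest on every platform."""
    return hashlib.sha1(data).hexdigest()


def strip_eol(raw: bytes) -> bytes:
    """Drop trailing CR and LF bytes, as the reply advises, before hashing."""
    return raw.rstrip(b"\r\n")


def explain_mismatch(expected_hex: str, raw: bytes) -> str:
    """Name the line-ending variant of raw whose SHA-1 equals expected_hex.

    Returns 'no match' when none of the variants reproduces the digest."""
    core = strip_eol(raw)
    variants = {
        "as read": raw,
        "line ending stripped": core,
        "with LF (Unix line ending)": core + b"\n",
        "with CRLF (Windows line ending)": core + b"\r\n",
    }
    for label, candidate in variants.items():
        if sha1_hex(candidate) == expected_hex.lower():
            return label
    return "no match"


# Constructed sample: one password line as stored in a file on each platform.
LINUX_LINE = b"correct horse\n"
WINDOWS_LINE = b"correct horse\r\n"

if __name__ == "__main__":
    print("raw, Linux file:     ", sha1_hex(LINUX_LINE))
    print("raw, Windows file:   ", sha1_hex(WINDOWS_LINE))
    print("stripped, Linux:     ", sha1_hex(strip_eol(LINUX_LINE)))
    print("stripped, Windows:   ", sha1_hex(strip_eol(WINDOWS_LINE)))
    # A digest computed on Windows, checked against the Linux copy of the file.
    print("Windows digest was made from input:",
          explain_mismatch(sha1_hex(WINDOWS_LINE), LINUX_LINE))
```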