Difference between revisions of "Ns sha1"
(Tcllib example of SHA1) |
|||
(6 intermediate revisions by one other user not shown) | |||
Line 5: | Line 5: | ||
'''Description''' | '''Description''' | ||
− | Returns a 40-character, hex-encoded string containing the SHA1 hash of the first argument. | + | Returns a 40-character, hex-encoded string containing the [http://www.answers.com/topic/sha-family SHA1] hash of the first argument. |
'''Usage''' | '''Usage''' | ||
Line 18: | Line 18: | ||
</pre> | </pre> | ||
− | Usually this function is used with a salt, as without a salt it is succeptible to dictionary-based attacks. | + | Usually this function is used with either a prefixed or postfixed salt, as without a salt it is succeptible to dictionary-based attacks. |
Example 2: | Example 2: | ||
Line 29: | Line 29: | ||
</pre> | </pre> | ||
− | This function is provided by the [[nssha1]] module. | + | Good salts are at least of moderate length and consist of random characters. Take note, however, that you would need to be able to retrieve the same salt to perform a match against the previous hash given the same unsalted input. Hash functions for human-chosen alphanumeric passwords are usually succeptible to dictionary-based attacks. |
+ | |||
+ | This function is provided by the [[nssha1]] module, provided as a [http://packages.debian.org/stable/web/aolserver4-nssha1 Debian package] among others. | ||
+ | |||
+ | '''Caveat''' | ||
+ | |||
+ | Unfortunately, this implementation does not seem to be immediately compatible with [http://www.xml-dev.com/blog/sha1.php other] SHA1 [http://www.movable-type.co.uk/scripts/SHA-1.html implementations]. | ||
+ | |||
+ | Postgresql: | ||
+ | |||
+ | <pre> | ||
+ | template1=> select encode(digest('mypassword','SHA1'),'hex'); | ||
+ | encode | ||
+ | ------------------------------------------ | ||
+ | 91dfd9ddb4198affc5c194cd8ce6d338fde470e2 | ||
+ | (1 row) | ||
+ | </pre> | ||
+ | |||
+ | Interestingly, the [http://tcllib.sourceforge.net/doc/sha1.html Tcllib implementation of SHA1] "works", see: | ||
+ | |||
+ | <pre> | ||
+ | nscp 1> package require sha1 | ||
+ | 2.0.1 | ||
+ | |||
+ | nscp 2> sha1::sha1 -hex "mypassword" | ||
+ | 91dfd9ddb4198affc5c194cd8ce6d338fde470e2 | ||
+ | </pre> | ||
+ | |||
+ | '''SEE ALSO''' | ||
+ | |||
+ | : [[ns_uuencode]], [[ns_uudecode]], [[ns_crypt]], [[ns_rand]] |
Latest revision as of 04:21, 4 December 2005
Function
ns_sha1 string
Description
Returns a 40-character, hex-encoded string containing the SHA1 hash of the first argument.
Usage
Example 1:
set sRawPassword "mypassword" set sPassword [ns_sha1 $sRawPassword] ns_adp_puts $sPassword # 04003622EB9D0F788CE7568C7EED23809534365A
Usually this function is used with either a prefixed or postfixed salt, as without a salt it is succeptible to dictionary-based attacks.
Example 2:
set sSalt "salty" set sRawPassword "mypassword" set sPassword [ns_sha1 ${sRawPassword}${sSalt}] # B48FB74597C11FC609DBE912992085EB07847FB6
Good salts are at least of moderate length and consist of random characters. Take note, however, that you would need to be able to retrieve the same salt to perform a match against the previous hash given the same unsalted input. Hash functions for human-chosen alphanumeric passwords are usually succeptible to dictionary-based attacks.
This function is provided by the nssha1 module, provided as a Debian package among others.
Caveat
Unfortunately, this implementation does not seem to be immediately compatible with other SHA1 implementations.
Postgresql:
template1=> select encode(digest('mypassword','SHA1'),'hex'); encode ------------------------------------------ 91dfd9ddb4198affc5c194cd8ce6d338fde470e2 (1 row)
Interestingly, the Tcllib implementation of SHA1 "works", see:
nscp 1> package require sha1 2.0.1 nscp 2> sha1::sha1 -hex "mypassword" 91dfd9ddb4198affc5c194cd8ce6d338fde470e2
SEE ALSO