OpenSSL Hacks

OpenSSL contains a command-line tool to do nearly everything possible within the OpenSSL library. Even better, it's probably already installed on your system.
Learning More

This is only a sample of what OpenSSL offers at the command line.

Some documentation is available at the OpenSSL Web site under the Documents and Related sections. There are also several mailing lists available under the Support section.

OpenSSL is written in and for C/C++, but it has been adapted to other programming languages, including Ruby. In addition, the FIPS 140-2 Level 1 validation in March 2006 makes OpenSSL a new contender in the enterprise and government cryptography markets.

Resources for this article: /article/9020.

Anthony J. Stieber is an information security professional geek who obsesses over UNIX systems, cryptology, physical security and things he can't tell you. He is currently thawing out in Minneapolis, Minnesota, USA. This is his second published article.

______________________

Comments


In relation to the password

IainB's picture

In relation to the password hash, surely the server needs to know the salt too? When I run the example I don't get the salt returned, so how can the hash be used? Can the salt be derived from the hash somehow, and if so, doesn't knowledge of the salt make the hash much, much weaker?

I'm sure I've missed something obvious!

As far as I know, the salt

aurir_'s picture

As far as I know, the salt is stored between two dollar signs. So it's part of the hash. At least for the MD5 (openssl passwd -1).

MD5 passwd hash

BernieD's picture

I need a cc or gcc source file that I can compile on an HP running HPUX 11. I want to compile it into an existing process that currently generates and hashes 8-digit passwords using DES, i.e., the old crypt(). I must now increase that password from 8 positions to 15 for security purposes. I'd guess that a perl script would do also as long as it had the proper hooks to the MD5 hash.

I will really appreciate any help on this item.

RE:

Anonymous's picture

Great Article Anthony!

Very interesting and informational.

Can you expand a little on where you say:

"...run the above example multiple times. The output is the cryptographic hash of your password. The hash is randomly salted so that every time it's run, the output will be different, even if the password is the same."

Why will the output be different?

Thanks!
-John

salt

Wu Yongzheng's picture

Basically, salt is a random string appended to your password. So instead of hash(password), we do hash(password | salt). The server keeps both the salt and the hash value. The purpose of salt is to prevent pre-calculated table attacks.

Ref: http://en.wikipedia.org/wiki/Salt_%28cryptography%29
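
The two replies above (the salt sitting between the dollar signs of an `openssl passwd -1` string, and the server keeping both salt and hash) can be seen in a short shell session. This is an added example, not part of the article or of any comment; the function names and the sample password are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): the salt in an `openssl passwd -1`
# string is stored in the clear, in the form $1$<salt>$<digest>.

# Hash a password with a fresh random salt; the password goes in on stdin
# so it does not appear in the process list.
make_hash() {
    printf '%s\n' "$1" | openssl passwd -1 -stdin
}

# Print the salt field of an MD5-crypt string; fail if it is not one.
crypt_salt() {
    case "$1" in
        '$1$'?*'$'?*) printf '%s\n' "$1" | cut -d'$' -f3 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the candidate password reproduces the stored string when
# hashed with the stored salt, 1 if not, 2 if the stored string is malformed.
verify_password() {
    salt=$(crypt_salt "$2") || return 2
    computed=$(printf '%s\n' "$1" | openssl passwd -1 -salt "$salt" -stdin) || return 2
    [ "$computed" = "$2" ]
}

# Constructed sample password, for demonstration only.
pw='constructed-sample-passphrase'
first=$(make_hash "$pw")
second=$(make_hash "$pw")
echo "first:  $first"
echo "second: $second (same password, different salt)"
echo "salt recovered from first: $(crypt_salt "$first")"
verify_password "$pw" "$first" && echo "correct password: match"
verify_password 'wrong-guess' "$first" || echo "wrong password: no match"
```

The stored string is all a verifier needs: it reads the salt back out, rehashes the candidate with it, and compares the result with what was stored.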

Page is rendered too wide

rhkramer's picture

The lines on this page are too wide, I have to scroll horizontally to read each line, hence I haven't read the article.

The problem seems to be Table 2, and specifically the header lines, but Table 3 may also be wide on some screens.

I'm sure someone can find a number of creative ways to solve the problem.

Randy Kramer

Page is rendered too wide

Keith Daniels's picture

In most browsers, those capable of handling cascading style sheets (CSS), that table displays with a horizontal scroll bar at the bottom and does not extend the page width.

What browser are you using and what version?

Webmaster
Linux Journal

I forgot to ask

Keith Daniels's picture

Have you changed the settings in your browser so you use a default or customized style sheet for it? This is common with Opera.

Webmaster
Linux Journal

"I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone."
-- Bjarne Stroustrup

Width problem

Allan Morris's picture

The width problem on this page as commented by others is still there. Using Konqueror 3.5.4 on Kubuntu with stylesheet set as default. Browser as-is passes the acid style test 100%. The problem is with your site.

Sorry.

Allan Morris.

Width problem

Keith Daniels's picture

There were two problems here. Though I made the page quit showing so wide, the problems still exist.

Problem #1: Konqueror will not obey the CSS rule (overflow: auto;) for a table, which would make a horizontal scroll bar appear only underneath the oversized table, and the screen would not display wide. All other browsers I tested do this.

Problem #2: Konqueror obeyed a CSS rule for table headers (th{white-space: nowrap;}) that none of the other browsers paid any attention to. I killed the white-space rule and the page no longer overextends your screen (or at least not as much; there is still a point where the table headers will not continue to wrap). If the other browsers had obeyed this rule I would have found this problem much earlier.

Webmaster

"I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone."
-- Bjarne Stroustrup
