2

I would like to salt the hash function of OpenSSL external, so that I can assign a salt on my own. Is that possible or is the hash function of OpenSSL alsways internal "salted"?

Maximilian
  • 207
  • 2
  • 7
  • 3
    Neither `sha1` nor `sha2` have a notion of salting. – Cthulhu Sep 22 '15 at 07:23
  • 2
    The hash algorithms are used in OpenSSL for Data integrity checks and signing certificates and CRLs. Salted-Hashing technique is used in the application-level. You could use JavaScripts to achieve that. Please let us know what is that you're trying to achieve. – feral_fenrir Sep 22 '15 at 07:51

2 Answers2

12

SHA-1 and SHA-256 are cryptographic hash functions. They take as input an arbitrary sequence of bits -- and only that. There is no "salt" in hash functions.

When a hash function is said to be "salted", then this is not a hash function; this is some other construction that uses, among its input parameters, one that is deemed to be a "salt", and that may use, internally, a hash function as a building element. One example of such a construction is PBKDF2.

The distinction is important, because when someone says "I want to salt my hash", then this can mean one of the two following things:

  • That someone is trying to implement some existing, well-specified construction like PBKDF2, and merely calls it "a salted hash". The right way is to look for an existing implementation of the complete construction, or, failing that, to implement it by using the specification which will tell exactly what sequence of bits is injected into whatever hash function is used internally. In any case, the question of "how to salt a hash" becomes meaningless.

  • That someone is in the process of making his own, homemade construction involving a hash function, and tries to mix together some values and a few cryptographic functions, hoping that all the ingredients will somehow interact well together and result in "security", envisioned like a sort of cake. This is a known recipe for disaster; only sorrow lies down that path.

    Usually, the notion of "salt" comes from the concept of hashing passwords, where passwords are "weak secrets" ("secrets" because they are supposed to remain confidential, "weak" because they can be remembered by human brains, and human brains are really bad at remembering random values). Hashing passwords is not something that tolerates improvisation well; there is a lot of theory and research on the subject, and experience has repeatedly shown that homemade schemes are almost invariably pathetically weak. Read this answer as an introduction on the subject.

Tom Leek
  • 170,038
  • 29
  • 342
  • 480
4

The hash algorithms are used in OpenSSL for Data integrity checks and signing certificates and CRLs. Salted-Hashing technique is used in the application-level. You could use JavaScripts to achieve that. Please let us know what is that you're trying to achieve.

The following is based on inputs and requirement of a insecure implementation for test purposes.

The Hashing functions SHA-1 and SHA256 will not salt your data internally. All multiple iterations of hashing a given data will result always in the same hash. Hence, what you're try to build is possible.

Step 1: Ask the user to input the data to be hashed.

Step 2: Ask the user what option they prefer:

  1. Salting is required - hash=SHA256(SHA256(data)+random(1))

  2. Manual Entry of salt - hash=SHA256(SHA256(data)+manual_salt)

  3. No Salting - hash=SHA256(data)

If you're coding in C++, check some these links:

  1. Generate SHA hash in C++ using OpenSSL library
  2. C++ sha1 function
  3. C++ sha256 function
RoraΖ
  • 12,347
  • 4
  • 51
  • 83
feral_fenrir
  • 733
  • 5
  • 15
  • 1
    I would like to write a program that hashes something where I can manually insert a salt and also where I can skip the salting leading to a cryptographic weak hash (for testing purpose). – Maximilian Sep 22 '15 at 07:56
  • 1
    Manually inserting a salt might be considered weak. Use a secure random string generator that is available for your environment. Then you know the drill: hash(hash(data)+random_salt(1)) – feral_fenrir Sep 22 '15 at 08:00
  • 1
    Good Reads: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator and https://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html – feral_fenrir Sep 22 '15 at 08:02
  • 1
    I try to implement a cryptographic weak hash, which would be possible with a non-random salt. Do you see a way to implement a hash function (preferred OpenSSL) where I can insert a salt manually? – Maximilian Sep 22 '15 at 08:23
  • 1
    That is a good work-around for my problem thank you. But is SHA256(data) insecure for password hashes, like I read [here](https://cwe.mitre.org/data/definitions/759.html) – Maximilian Sep 22 '15 at 09:08
  • And hence, you're salting it and hashing it again: SHA256(SHA256(data)+salt). – feral_fenrir Sep 22 '15 at 10:37
  • @Cthulhu: Kindly read all my comments. He needs an implementation where he wants to manually add the salt or even skip salting. – feral_fenrir Sep 22 '15 at 10:39
  • @feral_fenrir even when doing SHA256(SHA256(data)+salt) it's still bad practice for passwords. – Lucas Kauffman Sep 22 '15 at 11:26
  • What's a bad practice for passwords? – feral_fenrir Sep 22 '15 at 11:36
  • @feral_fenrir: Hashing passwords with a couple of hash invocations with a salt thrown in the mix, is a bad practice. Without the salt (i.e. a raw "SHA-256(password)"), is is _worse_ practice, but even with a salt, it still is bad practice. Good practice is to use a dedicated [password hashing function](http://security.stackexchange.com/questions/211/how-to-securely-hash-passwords/31846#31846). – Tom Leek Sep 22 '15 at 12:52