login about faq

Hi

I am trying to generate a SHA256-Hash using a given Salt. Here is my Powerubiler-Code (Powerscript):

loo_Crypt.HashAlgorithm = "sha256"

loo_Crypt.EncodingMode = "hex"

loo_crypt.salt = s_salt

ls_Hash = loo_Crypt.HashStringENC(ls_hash_me)

Problem: The salt has no influence on the hash. What am I missing?

Thanks!

asked Jul 20 '15 at 17:23

ArtVandelay's gravatar image

ArtVandelay
11

edited Jul 20 '15 at 17:24


The documentation for the Salt property mentions that it's for password based encryption (PBE), so I don't think it has any effect on hashing. See:

Salt *The salt to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127*

Instead I think the common practice is to combine your salt and secret data before hashing the combined data.

Another option would be to use the HashBeginBytes/HashBeginString , HashMoreBytes/HashMoreString, HashFinal/HashFinalEnc approach as follows:

  1. HashBeginBytes/String (depending on how your salt is stored) with the salt.
  2. HashMoreBytes/String (depending on how you secret data is stored) with the secret data.
  3. Call HashFinalENC to get the final encoded hash.
link

answered Jul 20 '15 at 20:59

jpbro's gravatar image

jpbro ♦
1.1k2618

The Salt property is used in encryption when the CryptAlgorithm is set to "pbes1" or "pbes2". Also note that it is not used by the Pbkdf1 or Pbkdf2 methods, as the salt is passed in an argument to those methods.

Hashing data does not involve the automatic use of salt. If one SHA256 hashes "hello world" -- the input data is "hello world" and nothing else. Hash algorithms do not have salt in the definition/specification of the hashing algorithm.

link

answered Jul 21 '15 at 08:34

chilkat's gravatar image

chilkat ♦♦
11.8k316358420

Thanks for your answers!

However I still can't figure on how to solve the following task:

Here is an example of SHA-256 hash. Make sure to add the salt first, then the value when creating the hash. The result must be in hexadecimal format.

Salt

9658705148326752896425325874125287032598745820647259684207641524

Clear text number to be hashed:

7561234567895

you should receive the following hash:

5d3cee33aafd70db6ee06c53cfe65aa5cfefc795ecd9a464029fd1ada5ded0ab

link

answered Jul 21 '15 at 12:47

ArtVandelay's gravatar image

ArtVandelay
11

I just figured it out. This code seems to work:

loo_crypt.hashbeginstring("9658705148326752896425325874125287032598745820647259684207641524")

loo_crypt.hashmorestring("7561234567895")

ls_hash = loo_crypt.hashfinalenc()

One last question: the letters of the hash I am getting by calling hashfinalenc() are uppercase, the ones in my task are lowercase. Does that make a difference?

link

answered Jul 21 '15 at 12:56

ArtVandelay's gravatar image

ArtVandelay
11

edited Jul 21 '15 at 12:57

Upper/Lowercase doesn't matter since the digits are just hexadecimal bytes (2 characters per byte). That is 5d3cee33aafd70db6ee06c53cfe65aa5cfefc795ecd9a464029fd1ada5ded0ab is the same SHA256 hash as 5D3CEE33AAFD70DB6EE06C53CFE65AA5CFEFC795ECD9A464029FD1ADA5DED0AB

However, if you are going to be doing comparisons of stored hashes vs. computed hashes, you should make sure to either normalize them to all upper/lowercase, or use a case-insensitive comparison method available in your development language.

(Jul 21 '15 at 16:54) jpbro ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×8
×6

Asked: Jul 20 '15 at 17:23

Seen: 866 times

Last updated: Jul 21 '15 at 16:54

powered by OSQA