在终端中生成加盐哈希
Generate a Salted Hash in Terminal
我想制作一个 AppleScript,用终端生成 salted 散列。是否有可以生成加盐哈希的特定终端命令,最好是像 SHA-512 这样的安全命令?如果可能的话,我想要一个单行的,这样我就可以将它与 do shell script 命令一起使用。我在网上搜索但没有找到在终端中生成加盐哈希的方法,只是一个普通的。
我是 运行 OS X 小牛队 10.9.5.
据我了解,至少在概念上,您要求的内容需要 2 个步骤:
- 获取随机盐值。
- 将 salt 值与输入文本(密码)连接起来并计算 combined 值的哈希。
为了以后的验证,您必须将盐与生成的哈希一起存储。
以下 AppleScript 处理程序包装 shell 提供必要功能的函数 - 它们前面有示例调用。
免责声明:我对这个领域的了解有限,所以对这些功能持保留态度(哈!)。
生成盐的函数非常感谢地改编自this post。
# Sample text to hash.
set passwd to "somePassword"
# Generate salt value with 10 chars, amounting to about a 64-bit value.
set salt to generateSalt(10)
# Compute hash from combined salt and input value.
set hash to getSha512(salt & passwd)
# SYNOPSIS
# getSha512(text)
# DESCRIPTION
# Calculates and outputs TEXT's hash value using the SHA-512 (SHA-2) algorithm.
# Output is a 128-characters string composed of lowercase hexadecimal digits.
# To create a salted hash, obtain a salt with generateSalt() first and
# prepend it to the text to hash.
# PREREQUISITES
# Requires either the sha512sum or the shasum utility. One or the other should be
# available on BSD/OSX and Linux systems.
# EXAMPLE
# set salt to generateSalt(20)
# set hash to getSha512(salt & passwd)
on getSha512(txt)
do shell script "
getSha512() {
local -a shaCmd
if command -v sha512sum &>/dev/null; then
shaCmd=( sha512sum )
elif command -v shasum &>/dev/null; then
shaCmd=( shasum -a 512 )
else
{ echo 'ERROR: Cannot locate SHA-512-generating utility.' >&2; return 1; }
fi
# Invoke the SHA-generating command and output the first space-separated field.
# (The subsequent fields indicate the mode and input filename.)
\"${shaCmd[@]}\" <<<\"\" | cut -d' ' -f1
return \"${PIPESTATUS[0]}\"
}
getSha512 " & quoted form of txt
end getSha512
# SYNOPSIS
# generateSalt(numChars)
# DESCRIPTION
# Generates NUMCHARS random *printable* ASCII characters that can serve as
# cryptographic salt. Due to the range of printable characters, each character
# returned contains ca. 6.55 bits of information.
# Thus, for instance, to get a 64-bit salt value, specify 10 for NUMCHARS.
# For a 128-bit value, specify 20.
# Use /dev/urandom as the source of random data.
# PREREQUISITES
# File /dev/urandom as a source of random bytes.
# The `head` utility must support the -c option to extract a number of *bytes*.
# Both BSD/OSX and Linux systems fulfill these requirements.
# EXAMPLE
# set salt to generateSalt(20) # get a ca. 128-bit salt value as 20 printable ASCII chars.
on generateSalt(numChars)
do shell script "
generateSalt() {
[[ -c /dev/urandom ]] || { echo 'ERROR: Random source /dev/urandom not available.' >&2; return 1; }
LC_ALL=C tr -cd '!\"#$%&'\''()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~' < /dev/urandom | head -c
}
generateSalt " & numChars
end generateSalt
我想制作一个 AppleScript,用终端生成 salted 散列。是否有可以生成加盐哈希的特定终端命令,最好是像 SHA-512 这样的安全命令?如果可能的话,我想要一个单行的,这样我就可以将它与 do shell script 命令一起使用。我在网上搜索但没有找到在终端中生成加盐哈希的方法,只是一个普通的。
我是 运行 OS X 小牛队 10.9.5.
据我了解,至少在概念上,您要求的内容需要 2 个步骤:
- 获取随机盐值。
- 将 salt 值与输入文本(密码)连接起来并计算 combined 值的哈希。
为了以后的验证,您必须将盐与生成的哈希一起存储。
以下 AppleScript 处理程序包装 shell 提供必要功能的函数 - 它们前面有示例调用。
免责声明:我对这个领域的了解有限,所以对这些功能持保留态度(哈!)。
生成盐的函数非常感谢地改编自this post。
# Sample text to hash.
set passwd to "somePassword"
# Generate salt value with 10 chars, amounting to about a 64-bit value.
set salt to generateSalt(10)
# Compute hash from combined salt and input value.
set hash to getSha512(salt & passwd)
# SYNOPSIS
# getSha512(text)
# DESCRIPTION
# Calculates and outputs TEXT's hash value using the SHA-512 (SHA-2) algorithm.
# Output is a 128-characters string composed of lowercase hexadecimal digits.
# To create a salted hash, obtain a salt with generateSalt() first and
# prepend it to the text to hash.
# PREREQUISITES
# Requires either the sha512sum or the shasum utility. One or the other should be
# available on BSD/OSX and Linux systems.
# EXAMPLE
# set salt to generateSalt(20)
# set hash to getSha512(salt & passwd)
on getSha512(txt)
do shell script "
getSha512() {
local -a shaCmd
if command -v sha512sum &>/dev/null; then
shaCmd=( sha512sum )
elif command -v shasum &>/dev/null; then
shaCmd=( shasum -a 512 )
else
{ echo 'ERROR: Cannot locate SHA-512-generating utility.' >&2; return 1; }
fi
# Invoke the SHA-generating command and output the first space-separated field.
# (The subsequent fields indicate the mode and input filename.)
\"${shaCmd[@]}\" <<<\"\" | cut -d' ' -f1
return \"${PIPESTATUS[0]}\"
}
getSha512 " & quoted form of txt
end getSha512
# SYNOPSIS
# generateSalt(numChars)
# DESCRIPTION
# Generates NUMCHARS random *printable* ASCII characters that can serve as
# cryptographic salt. Due to the range of printable characters, each character
# returned contains ca. 6.55 bits of information.
# Thus, for instance, to get a 64-bit salt value, specify 10 for NUMCHARS.
# For a 128-bit value, specify 20.
# Use /dev/urandom as the source of random data.
# PREREQUISITES
# File /dev/urandom as a source of random bytes.
# The `head` utility must support the -c option to extract a number of *bytes*.
# Both BSD/OSX and Linux systems fulfill these requirements.
# EXAMPLE
# set salt to generateSalt(20) # get a ca. 128-bit salt value as 20 printable ASCII chars.
on generateSalt(numChars)
do shell script "
generateSalt() {
[[ -c /dev/urandom ]] || { echo 'ERROR: Random source /dev/urandom not available.' >&2; return 1; }
LC_ALL=C tr -cd '!\"#$%&'\''()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~' < /dev/urandom | head -c
}
generateSalt " & numChars
end generateSalt