{"id":33,"date":"2011-08-16T14:00:10","date_gmt":"2011-08-16T14:00:10","guid":{"rendered":"http:\/\/www.vidarholen.net\/contents\/blog\/?p=33"},"modified":"2011-07-28T08:32:39","modified_gmt":"2011-07-28T08:32:39","slug":"implementation-of-sha512-crypt-vs-md5-crypt","status":"publish","type":"post","link":"https:\/\/www.vidarholen.net\/contents\/blog\/?p=33","title":{"rendered":"Implementation of SHA512-crypt vs MD5-crypt"},"content":{"rendered":"<p>If you have a new installation, you&#8217;re probably using SHA512-based passwords instead of the older MD5-based passwords described in detail in the <a href=\"\/contents\/blog\/?p=32\">previous post<\/a>, which I&#8217;ll assume you&#8217;ve read. sha512-crypt is very similar to md5-crypt, but with some interesting differences.<\/p>\n<p>Since the implementation of sha512 is really less interesting than the comparison with md5-crypt, I&#8217;ll describe it by striking out the relevant parts of the md5-crypt description and writing in what sha512-crypt does instead.<\/p>\n<p>Like md5-crypt, it can be divided into three phases: initialization, loop, and finalization.<\/p>\n<ol>\n<li>Generate a simple <strike>md5<\/strike> <i>sha512<\/i> hash based on the salt and password<\/li>\n<li>Loop <strike>1000<\/strike> <i>5000<\/i> times, calculating a new sha512 hash based on the previous hash concatenated with, alternately, the <i>hash of the<\/i> password and the salt. 
<i>Additionally, sha512-crypt allows you to specify a custom number of rounds, from 1000 to 999999999<\/i><\/li>\n<li>Use a special base64 encoding on the final hash to create the password hash string<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>The main differences are the higher number of rounds, which can be user selected for better (or worse) security, the use of the hashed password and salt in each round, rather than the unhashed ones, and a few tweaks of the initialization step.<\/p>\n<p>&nbsp;<\/p>\n<p>Here&#8217;s the real sha512-crypt initialization.<\/p>\n<ol>\n<li>Let &#8220;password&#8221; be the user&#8217;s ascii password, &#8220;salt&#8221; the ascii salt (truncated to <strike>8<\/strike> <i>16<\/i> chars) <strike>, and &#8220;magic&#8221; the string &#8220;$1$&#8221;<\/strike><\/li>\n<li>Start by computing the Alternate sum, <code>sha512(password + salt + password)<\/code><\/li>\n<li>Compute the Intermediate<sub>0<\/sub> sum by hashing the concatenation of the following strings:\n<ol>\n<li>Password<\/li>\n<li><strike>Magic<\/strike><\/li>\n<li>Salt<\/li>\n<li>length(password) bytes of the Alternate sum, repeated as necessary<\/li>\n<li>For each bit in length(password), from low to high and stopping after the most significant set bit\n<ul>\n<li>If the bit is set, append <strike>a NUL byte<\/strike> <i>the Alternate sum<\/i><\/li>\n<li>If it&#8217;s unset, append <strike>the first byte of<\/strike> the password<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<li><i>New: Let S_factor be 16 + the first byte of Intermediate<sub>0<\/sub><\/i><\/li>\n<li><i>New: Compute the S bytes, length(salt) bytes of sha512(salt, concatenated S_factor times). <\/i><\/li>\n<li><i>New: Compute the P bytes, length(password) bytes of sha512(password), repeated as necessary<\/i><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>Step 3.5 &#8212; which was very strange in md5-crypt &#8212; now makes a little more sense. 
We also calculated the S bytes and P bytes, which from here on will be used just like the salt and password were in md5-crypt.<\/p>\n<p>From this point on, the calculations will only involve the <strike>password<\/strike> <i>P bytes<\/i>, <strike>salt<\/strike> <i>S bytes<\/i>, and the Intermediate<sub>0<\/sub> sum. Now we loop 5000 times (by default), to stretch the algorithm.<\/p>\n<ul>\n<li>For i = 0 to <i>4<\/i>999 (inclusive), compute Intermediate<sub>i+1<\/sub> by concatenating and hashing the following:\n<ol>\n<li>If i is even, Intermediate<sub>i<\/sub><\/li>\n<li>If i is odd, <strike>password<\/strike> <i>P bytes<\/i><\/li>\n<li>If i is not divisible by 3, <strike>salt<\/strike> <i>S bytes<\/i><\/li>\n<li>If i is not divisible by 7, <strike>password<\/strike> <i>P bytes<\/i><\/li>\n<li>If i is even, <strike>password<\/strike> <i>P bytes<\/i><\/li>\n<li>If i is odd, Intermediate<sub>i<\/sub><\/li>\n<\/ol>\n<p>At this point you don&#8217;t need Intermediate<sub>i<\/sub> anymore.\n<\/li>\n<\/ul>\n<p>You will now have ended up with Intermediate<sub>5000<\/sub>. Let&#8217;s call this the Final sum. 
Since sha512 produces a 512-bit digest, this is 64 bytes long.<\/p>\n<p>The bytes will be rearranged, and then encoded as 86 ascii characters using the same base64 encoding as md5-crypt.<\/p>\n<ol>\n<li>Output the magic, &#8220;$6$&#8221;<\/li>\n<li><i>New: If using a custom number of rounds, output &#8220;rounds=12345$&#8221;<\/i><\/li>\n<li>Output the salt<\/li>\n<li>Output a &#8220;$&#8221; to separate the salt from the encrypted section<\/li>\n<li>Pick out the 64 bytes in this order: 63  62 20 41  40 61 19  18 39 60  59 17 38  37 58 16  15 36 57  56 14 35  34 55 13  12 33 54  53 11 32  31 52 10   9 30 51  50  8 29  28 49  7  6 27 48  47  5 26  25 46  4   3 24 45  44  2 23  22 43  1   0 21 42\n<ul>\n<li>For each group of 6 bits (there are 86 groups), starting with the least significant\n<ul>\n<li>Output the corresponding base64 character with this index<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>And yes, I do have a shell script for this as well: <a href=\"\/contents\/junk\/files\/sha512crypt.bash\">sha512crypt<\/a>. This one takes about a minute to generate a hash, due to the higher number of rounds. However, it doesn&#8217;t support custom rounds.<\/p>\n<p>I hope these two posts have provided an interesting look at two exceedingly common, but often overlooked, algorithms!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you have a new installation, you&#8217;re probably using SHA512-based passwords instead of the older MD5-based passwords described in detail in the previous post, which I&#8217;ll assume you&#8217;ve read. sha512-crypt is very similar to md5-crypt, but with some interesting differences. 
Since the implementation of sha512 is really less interesting than the comparison with md5-crypt, I&#8217;ll &hellip; <a href=\"https:\/\/www.vidarholen.net\/contents\/blog\/?p=33\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Implementation of SHA512-crypt vs MD5-crypt&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5,4,22],"tags":[33,34,35,36],"class_list":["post-33","post","type-post","status-publish","format-standard","hentry","category-advanced-linux","category-linux","category-security","tag-hashing","tag-md5","tag-password","tag-sha512"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.vidarholen.net\/contents\/blog\/index.php?rest_route=\/wp\/v2\/posts\/33","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vidarholen.net\/contents\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vidarholen.net\/contents\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vidarholen.net\/contents\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vidarholen.net\/contents\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=33"}],"version-history":[{"count":0,"href":"https:\/\/www.vidarholen.net\/contents\/blog\/index.php?rest_route=\/wp\/v2\/posts\/33\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.vidarholen.net\/contents\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=33"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vidarholen.net\/contents\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=33"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ww
w.vidarholen.net\/contents\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=33"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}