我想制作一个 AppleScript,用终端生成 salted 哈希。是否有特定的终端命令可以生成加盐哈希,最好是像 SHA-512 这样的安全哈希?如果可能的话,我想要一个单行的,这样我就可以将它与 do shell script 命令一起使用。我搜索了网络,但没有找到在终端中生成加盐哈希的方法,只是一个普通的。
我正在运行 OS X Mavericks 10.9.5。
【问题讨论】:
openssl dgst -sha512(openssl sha512 仅适用于更高版本,例如 v1.0.1f 上Ubuntu 14.04)。也就是说,您必须使用带有 SHA 算法的dgst 命令作为选项。但是,openssl 不会帮助生成盐。
标签: hash terminal applescript osx-mavericks
据我了解,至少在概念上,您所要求的需要 2 个步骤:
为了以后的验证,您必须将盐与生成的哈希一起存储。
以下 AppleScript 处理程序封装了提供必要功能的 shell 函数 - 它们前面是示例调用。
免责声明:我对这个领域的理解有限,所以对这些功能持保留态度(哈哈!)。
盐生成函数感谢地改编自this post。
# Sample text to hash.
set passwd to "somePassword"
# Generate salt value with 10 chars, amounting to about a 64-bit value.
set salt to generateSalt(10)
# Compute hash from combined salt and input value.
set hash to getSha512(salt & passwd)
# SYNOPSIS
# getSha512(text)
# DESCRIPTION
# Calculates and outputs TEXT's hash value using the SHA-512 (SHA-2) algorithm.
# Output is a 128-characters string composed of lowercase hexadecimal digits.
# To create a salted hash, obtain a salt with generateSalt() first and
# prepend it to the text to hash.
# PREREQUISITES
# Requires either the sha512sum or the shasum utility. One or the other should be
# available on BSD/OSX and Linux systems.
# EXAMPLE
# set salt to generateSalt(20)
# set hash to getSha512(salt & passwd)
on getSha512(txt)
do shell script "
getSha512() {
local -a shaCmd
if command -v sha512sum &>/dev/null; then
shaCmd=( sha512sum )
elif command -v shasum &>/dev/null; then
shaCmd=( shasum -a 512 )
else
{ echo 'ERROR: Cannot locate SHA-512-generating utility.' >&2; return 1; }
fi
# Invoke the SHA-generating command and output the first space-separated field.
# (The subsequent fields indicate the mode and input filename.)
\"${shaCmd[@]}\" <<<\"$1\" | cut -d' ' -f1
return \"${PIPESTATUS[0]}\"
}
getSha512 " & quoted form of txt
end getSha512
# SYNOPSIS
# generateSalt(numChars)
# DESCRIPTION
# Generates NUMCHARS random *printable* ASCII characters that can serve as
# cryptographic salt. Due to the range of printable characters, each character
# returned contains ca. 6.55 bits of information.
# Thus, for instance, to get a 64-bit salt value, specify 10 for NUMCHARS.
# For a 128-bit value, specify 20.
# Use /dev/urandom as the source of random data.
# PREREQUISITES
# File /dev/urandom as a source of random bytes.
# The `head` utility must support the -c option to extract a number of *bytes*.
# Both BSD/OSX and Linux systems fulfill these requirements.
# EXAMPLE
# set salt to generateSalt(20) # get a ca. 128-bit salt value as 20 printable ASCII chars.
on generateSalt(numChars)
do shell script "
generateSalt() {
[[ -c /dev/urandom ]] || { echo 'ERROR: Random source /dev/urandom not available.' >&2; return 1; }
LC_ALL=C tr -cd '!\"#$%&'\\''()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~' < /dev/urandom | head -c $1
}
generateSalt " & numChars
end generateSalt
【讨论】:
set passCode to "123456",set salt to random number from 10000000 to 99999999(这是盐)set passAndSalt to passCode & salt,do shell script "echo " & passAndSalt & " | shasum -a 512 | 'awk {print $1}'
do shell script "echo " & passAndSalt & " | shasum -a 512 | awk '{print $1}'"),但请注意,您的盐限制为 9000 万种可能性,即少于 27 位的随机性,而建议的最小值为 64 位。我的函数为每个字节提供了更多的随机性,并且不受 AppleScript 实数可以容纳的范围的限制。因此,在字节数相同 (8) 的情况下,我的函数为您提供大约 两倍 的位数,并且使用 10 个字节将为您提供超过 64 位,如我的示例所示。
display alert salt;在脚本编辑器中,如果您使日志可见(View > Show Log),您可以使用log salt 并在下方窗格中查看结果;更多信息,请参阅this answer。