在终端生成盐渍哈希

I want to make an AppleScript that generates a salted hash with Terminal. Is there a specific Terminal command that can generate a salted hash, preferably a secure one like SHA-512? If possible, I would like one that's a one-liner so I can use it with the do shell script command. I searched the web but didn't find a way to generate a salted hash in Terminal, just a regular one.

我想制作一个AppleScript,用Terminal生成盐渍哈希。是否有特定的终端命令可以生成盐渍哈希,最好是像SHA-512这样的安全哈希?如果可能的话,我希望有一个单行,所以我可以使用do shell脚本命令。我在网上搜索但没有找到在终端中生成盐渍哈希的方法,只是常规方法。

I'm running OS X Mavericks 10.9.5.

我正在运行OS X Mavericks 10.9.5。

1 个解决方案

#1

From what I understand, at least conceptually, what you're asking for requires 2 steps:

根据我的理解,至少从概念上讲,你要求的是两个步骤:

Obtain a random salt value.

获得随机盐值。

Concatenate the salt value with the input text (password) and compute the hash for the combined value.

将salt值与输入文本(密码)连接,并计算组合值的哈希值。

For later verification, you'll have to store the salt along with the resulting hash.

为了以后的验证,您必须将salt与生成的哈希一起存储。

The following AppleScript handlers wrap shell functions that provide the requisite functionality - they're preceded by sample invocations.

以下AppleScript处理程序包含提供必需功能的shell函数 - 它们之前是示例调用。

Disclaimer: my understanding of this field is limited, so take these functions with a grain of salt (ha!).

免责声明:我对这个领域的理解是有限的,所以要把这些功能带上一粒盐(哈!)。

The salt-generating function was gratefully adapted from this post.

从这篇文章中很好地改编了生成盐的功能。

# Sample text to hash.
set passwd to "somePassword"

# Generate salt value with 10 chars, amounting to about a 64-bit value.
set salt to generateSalt(10)

# Compute hash from combined salt and input value.
set hash to getSha512(salt & passwd)


# SYNOPSIS
#   getSha512(text)
# DESCRIPTION
#   Calculates and outputs TEXT's hash value using the SHA-512 (SHA-2) algorithm.
#   Output is a 128-characters string composed of lowercase hexadecimal digits.
#   To create a salted hash, obtain a salt with generateSalt() first and
#   prepend it to the text to hash.
# PREREQUISITES
#   Requires either the sha512sum or the shasum utility. One or the other should be
#   available on BSD/OSX and Linux systems.
# EXAMPLE
#   set salt to generateSalt(20)
#   set hash to getSha512(salt & passwd)
on getSha512(txt)
    do shell script "
getSha512() {
  local -a shaCmd
  if command -v sha512sum &>/dev/null; then
    shaCmd=( sha512sum )
  elif command -v shasum  &>/dev/null; then
    shaCmd=( shasum -a 512 )
  else
    { echo 'ERROR: Cannot locate SHA-512-generating utility.' >&2; return 1; }
  fi
  # Invoke the SHA-generating command and output the first space-separated field.
  # (The subsequent fields indicate the mode and input filename.)
  \"${shaCmd[@]}\" <<<\"$1\" | cut -d' ' -f1
  return \"${PIPESTATUS[0]}\"
}
getSha512 " & quoted form of txt
end getSha512

# SYNOPSIS
#   generateSalt(numChars)
# DESCRIPTION
#   Generates NUMCHARS random *printable* ASCII characters that can serve as 
#   cryptographic salt. Due to the range of printable characters, each character
#   returned contains ca. 6.55 bits of information.
#   Thus, for instance, to get a 64-bit salt value, specify 10 for NUMCHARS.
#   For a 128-bit value, specify 20.
#   Use /dev/urandom as the source of random data.
# PREREQUISITES
#   File /dev/urandom as a source of random bytes.
#   The `head` utility must support the -c option to extract a number of *bytes*.
#   Both BSD/OSX and Linux systems fulfill these requirements.
# EXAMPLE
#   set salt to generateSalt(20) # get a ca. 128-bit salt value as 20 printable ASCII chars.
on generateSalt(numChars)
    do shell script "
generateSalt() {
  [[ -c /dev/urandom ]] || { echo 'ERROR: Random source /dev/urandom not available.' >&2; return 1; }
  LC_ALL=C tr -cd '!\"#$%&'\\''()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~' < /dev/urandom | head -c $1
}
generateSalt " & numChars
end generateSalt

#1