Making a salted hash in the terminal
I want to create an AppleScript that generates a salted hash with a terminal. Is there a specific terminal command that can generate a salted hash, preferably a secure one like SHA-512? If possible, I'd like a one-liner, so I can use it with the do shell script command. I searched the web but couldn't find a way to generate a salted hash in the terminal, just the usual one.
I am running OS X Mavericks 10.9.5.
From what I understand, at least conceptually, what you are asking for requires two steps:
- Get the value of a random salt.
- Concatenate the salt value with the input text (password) and calculate the hash for the combined value.
For later verification, you will need to store the salt along with the resulting hash.
The following AppleScript handlers carry wrapper functions that provide the required functionality — preceded by sample requests.
Disclaimer: My understanding of this field is limited, so grab these functions with salt (ha!).
The salt-forming function was gratefully adapted from this post .
# Sample text to hash. set passwd to "somePassword" # Generate salt value with 10 chars, amounting to about a 64-bit value. set salt to generateSalt(10) # Compute hash from combined salt and input value. set hash to getSha512(salt & passwd) # SYNOPSIS # getSha512(text) # DESCRIPTION # Calculates and outputs TEXT hash value using the SHA-512 (SHA-2) algorithm. # Output is a 128-characters string composed of lowercase hexadecimal digits. # To create a salted hash, obtain a salt with generateSalt() first and # prepend it to the text to hash. # PREREQUISITES # Requires either the sha512sum or the shasum utility. One or the other should be # available on BSD/OSX and Linux systems. # EXAMPLE # set salt to generateSalt(20) # set hash to getSha512(salt & passwd) on getSha512(txt) do shell script " getSha512() { local -a shaCmd if command -v sha512sum &>/dev/null; then shaCmd=( sha512sum ) elif command -v shasum &>/dev/null; then shaCmd=( shasum -a 512 ) else { echo 'ERROR: Cannot locate SHA-512-generating utility.' >&2; return 1; } fi # Invoke the SHA-generating command and output the first space-separated field. # (The subsequent fields indicate the mode and input filename.) \"${shaCmd[@]}\" <<<\"$1\" | cut -d' ' -f1 return \"${PIPESTATUS[0]}\" } getSha512 " & quoted form of txt end getSha512 # SYNOPSIS # generateSalt(numChars) # DESCRIPTION # Generates NUMCHARS random *printable* ASCII characters that can serve as # cryptographic salt. Due to the range of printable characters, each character # returned contains ca. 6.55 bits of information. # Thus, for instance, to get a 64-bit salt value, specify 10 for NUMCHARS. # For a 128-bit value, specify 20. # Use /dev/urandom as the source of random data. # PREREQUISITES # File /dev/urandom as a source of random bytes. # The `head` utility must support the -c option to extract a number of *bytes*. # Both BSD/OSX and Linux systems fulfill these requirements. # EXAMPLE # set salt to generateSalt(20) # get a ca. 128-bit salt value as 20 printable ASCII chars. on generateSalt(numChars) do shell script " generateSalt() { [[ -c /dev/urandom ]] || { echo 'ERROR: Random source /dev/urandom not available.' >&2; return 1; } LC_ALL=C tr -cd '!\"#$%&'\\''()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~' < /dev/urandom | head -c $1 } generateSalt " & numChars end generateSalt
source to share