Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

HOWTO: SHA512 hashing of tokens

Guides, HOWTOs etc on how to setup Cryptostorm on PCs, smartphones, tablets and routers.

Topic Author
Guest

SHA512 Calculator - manual alternatives? | CLOSED

Postby Guest » Sat Feb 08, 2014 11:11 pm

Maybe its just me being a newb dumbass but - none the less I will ask the question..... surely https://cryptostorm.is/sha512.html should include a link to a 'sticky' on •This obviously requires Javascript (which is sort of the point as it keeps things on your PC as opposed to out on the wires where the NSA or whoever can scrape them off of the interwebs) so if you're using noscript or have Javascript turned off you're pretty much better off using other methods for getting your hash. Sorry.

I'm sure that somewhere on the forums there are links - but - wouldn't a link to a sticky thread help?

User avatar

Graze
Posts: 247
Joined: Mon Dec 17, 2012 2:37 am
Contact:

Re: SHA512 Calculator

Postby Graze » Sun Feb 09, 2014 8:56 am

Actually... excellent point. It sort of leaves the issue up in the air, and assumes folks will hunt down such resources themselves - which is rather silly, and needlessly complex, versus a thread here that details alternatives available.

I'll put one together this weekend! :-)
------------------------
My avatar is pretty much what I look like. ;) <-- ...actually true, says pj
WebMonkey, Foilhat, cstorm evangelnomitron.
Twitter: @grazestorm.
For any time sensitive help requests, best to email the fine bots in support@cryptostorm.is or via Bitmessage at BM-NBjJaLNBwWiwZeQF5BMLYqarawbgycwJ ;)

User avatar

Graze
Posts: 247
Joined: Mon Dec 17, 2012 2:37 am
Contact:

HOWTO: SHA512 hashing of tokens

Postby Graze » Fri Feb 21, 2014 3:54 pm

For cryptostorm members who are not using the windows widget, it is necessary to hash your token prior to providing it to your connection client as "username." This post collects together links, suggestions, and known issues in this hashing process. The theoretical framework in support of this hash transform as part of cryptostorm's security model is being discussed in a parallel thread, in another subforum here.

A "hash" is a one-way mathematical transformation. When we talk about "hashing" your network access token, we mean that you will take the token - including the dashes - and input it into a tool that does this mathematical transformation. The result will be an alphanumeric string of digits that is exactly 128 bytes long. This long string of text is your actual "username" on the cryptocloud network. In fact, the actual token itself is never stored on any of cryptostorm's exitnodes or production network infrastructure: only the hashed value. It is not difficult to see the security benefit from this, as "reversing" a hashed token back to its original, pre-hashed value is extraordinarily computationally intensive (i.e. difficult).

The easiest way to hash your token is via our javascript-based hashing tool. However, it's entirely acceptable to use other tools, to use terminal interface utilities, or to do whatever else you prefer: the SHA512 hash function is public, published, widely-studied maths. Any correct implementation of it will yield the same result when fed the same input.
------------------------
My avatar is pretty much what I look like. ;) <-- ...actually true, says pj
WebMonkey, Foilhat, cstorm evangelnomitron.
Twitter: @grazestorm.
For any time sensitive help requests, best to email the fine bots in support@cryptostorm.is or via Bitmessage at BM-NBjJaLNBwWiwZeQF5BMLYqarawbgycwJ ;)

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: HOWTO: SHA512 hashing of tokens

Postby Pattern_Juggled » Fri Feb 21, 2014 4:01 pm

There is a known issue with unintended "end of line" (EOL) characters being injected into SHA512 inputs when using certain terminal-based utilities. The result is a hash value that is incorrect, and "auth failed" messages from the cryptostorm network. We thank a patient network member for helping to track down this particularly frustrating behaviour; if you're self-hashing locally via terminal tools, please read over this lightly-redacted/edited snippet from a bitmessage conversation, to ensure you're using the correct terminal syntax for a clean hash result.

When I hash: {token}

With: https://cryptostorm.is/sha512.html

I get: {redacted}

And here's what's going on: your hashing from the command line is including invisible EOC in the start value. Here's how you can replicate the error. First, run this to hash the token via OpenSSL's "digest" tool (which I prefer, because I'm strange like that):

{redacted}@CryptostormDev:~$ echo "{token}" | openssl dgst -sha512

...and you get, viola:
(stdin)= {redacted}

(which is NOT the hash of the token in question, but matches yours to the digit)

In contrast, here's the syntax that's needed (obscurely enough) to avoid EOLs in the hashing:

{redacted}@CryptostormDev:~$ echo -n "{token}" | openssl dgst -sha512

Which returns...
(stdin)= {redacted}

Bingo.

(this assumes you have the OpenSSL libraries available locally, which I'm assuming you do)

{edited out, unrelated discussion}

Now, this EOC issue is pretty important. Oh, and I didn't figure it out, I cheated - Stack Overflow to the rescue!
http://stackoverflow.com/questions/1106 ... hell-stdin

This needs to be posted to the forum asap, as I'm quite sure other "auth fails" are resulting from exactly this problem. If you aren't interested in posting, let me know and I'll do so - and gladly provide attribution to you for hunting down this bug, if you are ok with that.
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

Graze
Posts: 247
Joined: Mon Dec 17, 2012 2:37 am
Contact:

Re: SHA512 Calculator

Postby Graze » Fri Feb 21, 2014 4:21 pm

A starter thread on manually hashing tokens has been started in the connection guides subforum - I'll keep adding resources to it to flesh it out, and make it more useful :-)
------------------------
My avatar is pretty much what I look like. ;) <-- ...actually true, says pj
WebMonkey, Foilhat, cstorm evangelnomitron.
Twitter: @grazestorm.
For any time sensitive help requests, best to email the fine bots in support@cryptostorm.is or via Bitmessage at BM-NBjJaLNBwWiwZeQF5BMLYqarawbgycwJ ;)

User avatar

privangle
Posts: 97
Joined: Thu Apr 25, 2013 5:57 am

Re: HOWTO: SHA512 hashing of tokens

Postby privangle » Sat Sep 20, 2014 7:19 am

Just another linux command line for the token hashing:

echo -n "your-token" | sha512sum

The result gives you the sha512-hash of your token, i.e. 128 numbers and letters. At the end, ignore the 2 or 3 blanks and the "-", only take the 128 numbers.

Or copy the following little script in a text editor:

Code: Select all

# stdin: string - stdout: sha512(string)
# ======================================

echo "SHA512 - Enter the string to hash: "
read t
tsha=`echo -n $t | sha512sum`
echo " "
echo "sha512($t)= "
echo " "
echo ${tsha:0:128}
echo " "


The script cuts up the 2 or 3 blanks and the "-" at the and gives you exactly the 128 hash numbers&caracters of the token.

Safe the script to a short name (s512 or s5 or something like that, make it executable (chmod 755 s5) and copy it into one of the directories listed when you launch the command: echo $PATH

Then you can call your little script from everywhere.

User avatar

exempt
Posts: 31
Joined: Sun Dec 29, 2013 7:49 am

Re: HOWTO: SHA512 hashing of tokens

Postby exempt » Wed Nov 12, 2014 12:50 am

Alternative way on linux, much easier in my opinion:

Code: Select all

echo -n YOURTOKENHERE | sha512sum | awk '{print $1}'





The corresponding script would be something like

Code: Select all

#!/bin/bash

echo "Enter the token and I will give you the SHA512 hash"
read token

printf "\n"
echo -n $token | sha512sum | awk '{print $1}'


Run it in terminal, paste the token, and you will be given the hash.


Topic Author
dfkt

Re: HOWTO: SHA512 hashing of tokens

Postby dfkt » Thu Jan 29, 2015 1:23 pm

Maybe this is useful to some of you. I made a stripped-down offline version of the calculator, contained in one HTML file: http://paste.debian.net/142813/


Return to “guides, HOWTOs & tutorials”

Who is online

Users browsing this forum: No registered users and 2 guests

Login