[openssl-users] OpenSSL SHA algorithm

Kurt Roeckx kurt at roeckx.be
Tue Dec 26 13:44:06 UTC 2017


On Mon, Dec 25, 2017 at 07:44:58PM -0800, Swapnil Deshpande wrote:
> Hi all,
> 
> Noob here. I recently discovered that the "-sha1" and "-sha" flags in the
> "openssl dgst" command produce different outputs. I thought those were the
> same algorithms but turns out they are not:
> 
> $ echo -n "password" | openssl dgst -sha
> 
> 80072568beb3b2102325eb203f6d0ff92f5cef8e
> 
> 
> $ echo -n "password" | openssl dgst -sha1
> 
> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
> 
> 
> I am aware of SHA1 and the SHA-128 algorithm.
> 
> 
> 1. What algorithm is used to generate hash when I use the "-sha" option?

It's the original SHA algorithm, which people will now refer to as
SHA-0. It has some minor but important changes compared to SHA-1.

> 2. What could I have done to get this answer to #1 in a better way? I am
> asking this because I tried to find what algorithm is being used through
> the "help" option as well as trying to search via "man openssl" but
> couldn't find anything. I also did a basic search for "openssl sha vs sha1"
> and couldn't find any relevant results. If there was a better way to know
> more about this option (say by reading some documentation), I'd be glad to
> know about it.

I started a pull request:
https://github.com/openssl/openssl/pull/4979

There are probably other changes that should happen.


Kurt



More information about the openssl-users mailing list