2
votes

The requirement is to get the SHA-512 hashed string for a given password in Erlang. However, the API crypto:hash() returns some binary data. Also, is there an option to provide a salt value in this API?

32> crypto:hash(sha512,"password").                                 
<<215,224,160,147,228,234,208,93,217,94,133,49,214,115,67,
  187,112,144,78,139,206,144,117,67,50,80,2,113,78,...>>
2
The output of a hash function is typically not a string (i.e. printable (ASCII) characters). If you need that, convert it to base64. - jps

2 Answers

2
votes

If you need to print out the result of calling crypto:hash(sha512, "password") for readability, you can convert the result, e.g.:

1> Secret = crypto:hash(sha512, "password").
<<177,9,243,187,188,36,78,184,36,65,145,126,208,109,97,
  139,144,8,221,9,179,190,253,27,94,7,57,76,112,...>>
2> <<SHA512:512/big-unsigned-integer>> = Secret. 
<<177,9,243,187,188,36,78,184,36,65,145,126,208,109,97,
  139,144,8,221,9,179,190,253,27,94,7,57,76,112,...>>
3> io_lib:format("~128.16.0b", [SHA512]).
"b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86"

About salt: it looks like you need to implement this logic on your end. E.g. the salt is added to the start or the end of the string that will be encrypted, the client sends this to the server, and on the server side you check it, but for this you need to know the salt in advance.
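As an added example (not part of the answer above), here is a small module that turns the raw crypto:hash/2 digest into the 128-character lowercase hex string shown in the shell session, or into base64 as the comment on the question suggests. The module name, function names and the hex-digit helper are my own choices, not an OTP API:

```erlang
%% Added example: hex/base64 encoding of a crypto:hash/2 digest.
%% Module and function names are my own choice (not part of OTP).
-module(sha512_hex).
-export([hex_lower/1, hash_hex/1, hash_b64/1]).

%% crypto:hash(sha512, Data) returns a raw 64-byte binary. Walk it four bits
%% at a time and map each nibble to one hex digit, giving a 128-byte binary
%% of printable characters.
hex_lower(Bin) when is_binary(Bin) ->
    << <<(nibble(N))>> || <<N:4>> <= Bin >>.

nibble(N) when N < 10 -> $0 + N;
nibble(N)             -> $a + N - 10.

%% Lowercase hex digest of a password given as a string or binary.
%% On OTP 24+ binary:encode_hex/1 does the same job (uppercase output).
hash_hex(Password) ->
    hex_lower(crypto:hash(sha512, Password)).

%% Base64 digest, the alternative the comment on the question suggests
%% (88 characters instead of 128).
hash_b64(Password) ->
    base64:encode(crypto:hash(sha512, Password)).
```

Usage from the shell: `sha512_hex:hash_hex("password").` returns the same `b109f3bb…cacbc86` hex string that the io_lib:format/2 call above prints, but as a flat binary rather than a deep list, which is usually what you want to store or send. Note that, as the other answer explains, neither variant adds a salt; this only changes how the digest is displayed.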

2
votes

Unlikely, as a salt is not an input parameter of a secure hash. A secure hash such as SHA-512 only has one input: a binary message (and similarly, as output a statically sized binary value).

SHA-512 can however be used as primitive to create other algorithms. For instance, you can build a key derivation function out of it. If that KDF is used for passwords, then we talk about a password based KDF or - more commonly - a password hash. Now a password hash does include a salt as input parameter.

One such PBKDF is PBKDF2, which uses HMAC, which in turn can use SHA-512 (or any hash algorithm, defaulting to SHA-1). It is defined in the password based encryption (PBE) standard called PKCS#5.

Finally, there are password hash documents that define how the algorithm type, salt, work factor / iterations and password hash may be contained in a single string for easy verification. Those are generally just defined by somebody when the need arises; they are not really standardized as such.
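As an added example (not part of the answer above, and not an OTP API), here is the construction this answer describes, written in Erlang: PBKDF2 as specified in PKCS#5 / RFC 8018, built from HMAC-SHA512 via crypto:mac/4, with a random salt and the salt, iteration count and derived key packed into a single "$"-separated string for storage and verification. The module name, the iteration count and the string layout are my own assumptions; the layout in particular is exactly the kind of ad hoc format the last paragraph refers to, not a standard one:

```erlang
%% Added example: PBKDF2-HMAC-SHA512 password hashing with salt.
%% Module name, work factor and the storage-string layout are my own choices.
-module(pw_hash).
-export([pbkdf2/4, hash_password/1, hash_password/2, verify_password/2]).

-define(ITERATIONS, 210000). % assumed work factor; tune to your hardware
-define(SALT_BYTES, 16).
-define(DK_LEN, 64).         % SHA-512 output length

%% PBKDF2's PRF: HMAC-SHA512 keyed with the password (the salt is data,
%% not the key). crypto:mac/4 exists since OTP 22.1.
prf(Password, Data) ->
    crypto:mac(hmac, sha512, Password, Data).

%% PBKDF2(P, S, c, dkLen): concatenate blocks T_1..T_l, truncate to dkLen.
%% For dkLen =< 64 with SHA-512 a single block is computed.
pbkdf2(Password, Salt, Iterations, DkLen) when Iterations >= 1 ->
    HLen = 64,
    Blocks = (DkLen + HLen - 1) div HLen,
    Dk = << <<(block(Password, Salt, Iterations, I))/binary>>
            || I <- lists:seq(1, Blocks) >>,
    binary:part(Dk, 0, DkLen).

%% T_i = U_1 xor U_2 xor ... xor U_c, where
%% U_1 = PRF(P, S || INT_32BE(i)) and U_j = PRF(P, U_{j-1}).
block(Password, Salt, Iterations, Index) ->
    U1 = prf(Password, <<Salt/binary, Index:32/big-unsigned-integer>>),
    xor_chain(Password, U1, U1, Iterations - 1).

xor_chain(_Password, _Prev, Acc, 0) ->
    Acc;
xor_chain(Password, Prev, Acc, N) ->
    U = prf(Password, Prev),
    xor_chain(Password, U, crypto:exor(Acc, U), N - 1).

%% Hash a new password with a fresh random salt. Stored form (my own layout):
%% "pbkdf2-sha512$<iterations>$<base64 salt>$<base64 derived key>"
hash_password(Password) ->
    hash_password(Password, crypto:strong_rand_bytes(?SALT_BYTES)).

hash_password(Password, Salt) when is_binary(Salt) ->
    Dk = pbkdf2(iolist_to_binary(Password), Salt, ?ITERATIONS, ?DK_LEN),
    iolist_to_binary(["pbkdf2-sha512$", integer_to_list(?ITERATIONS), "$",
                      base64:encode(Salt), "$", base64:encode(Dk)]).

%% Verify: parse the stored string, recompute with the stored salt and
%% iteration count (so old records keep working after the default changes),
%% and compare in constant time. "$" never appears in base64 output, so
%% splitting on it is safe.
verify_password(Password, Stored) when is_binary(Stored) ->
    case binary:split(Stored, <<"$">>, [global]) of
        [<<"pbkdf2-sha512">>, IterBin, SaltB64, DkB64] ->
            Iterations = binary_to_integer(IterBin),
            Salt = base64:decode(SaltB64),
            Expected = base64:decode(DkB64),
            Actual = pbkdf2(iolist_to_binary(Password), Salt, Iterations,
                            byte_size(Expected)),
            const_eq(Expected, Actual);
        _ ->
            false
    end.

%% Length-checked comparison that does not short-circuit on the first
%% differing byte. OTP 25+ provides crypto:hash_equals/2 for the same purpose.
const_eq(A, B) when byte_size(A) =:= byte_size(B) ->
    lists:foldl(fun({X, Y}, Acc) -> Acc bor (X bxor Y) end, 0,
                lists:zip(binary_to_list(A), binary_to_list(B))) =:= 0;
const_eq(_, _) ->
    false.
```

Usage: `Stored = pw_hash:hash_password("password").` produces a record to keep in the database; `pw_hash:verify_password("password", Stored)` returns `true` and any other password returns `false`. On OTP 24.2 or later you can cross-check the hand-written `pbkdf2/4` against the built-in `crypto:pbkdf2_hmac(sha512, Password, Salt, Iterations, 64)`, which implements the same function. The difference from the plain `crypto:hash(sha512, ...)` call in the question is exactly the two things this answer names: the salt is a separate input, and the iteration count makes each guess expensive.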