PA5.3: Using OpenSSL to work with hash algorithms:
In this exercise, we will use OpenSSL on Astro to generate hashes, and verify the integrity of files.
To begin, log in to your Astro account using an SSH client of your choice, and complete the following steps:
- Find the lyrics to a song, and create a file that contains the lyrics. Also, create another file with the same lyrics, but replace one of the verses or the chorus with one from a different song. Name the files so that you can recall which is the correct version, but each file’s name should begin with your userid.
- Use a hash algorithm to create a “digest” which can be used to identify the correct file:
- Use the “digest” command to calculate several different digests for the file with the correct lyrics. You should use at least MD5 and SHA1. The syntax of the command is digest -a <algorithm> <file>
- The algorithms available are: md5, sha1, sha224, sha256, sha384, sha512
- Create a folder in the shared class directory on Astro with your userid, and copy both files you created with the song lyrics into your directory.
- Create a file that contains the digests of the correct lyrics file, and be sure to label each digest.
- Find another student’s directory, and use the digest command to compute the digest for each of their files.
- Which file contains the correct lyrics?
- How do you know which was the correct file?
- What was the digest you used to verify this?
- Compute the MD5 hash on the following two files… are these the same files?
- Look at the contents of the files (you will need to download them to your own computer, and use an application that can convert PostScript files to view as another format, or you can print.)
- How is it possible for these obviously different files to have the same digest? Can MD5 be trusted? How difficult is this type of attack?
- Does the sha1 digest correctly show these are different files?
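
The digest steps above (compute several digests, record them with labels, then check a file against the recorded values) are shown here as an added shell example that is not part of the original exercise. The function names, the "alg: hex" label format and the sample files are assumptions; openssl dgst is tried first, then the exercise's digest command, then the coreutils tools.

```shell
#!/bin/sh
# Added example (not from the exercise): labelled digests and verification.
ALGS="md5 sha1 sha256"   # subset of the algorithms the exercise lists

# Print only the hex digest of FILE under ALG with whichever tool is installed.
hash_file() {
    alg=$1; file=$2
    if command -v openssl >/dev/null 2>&1; then
        openssl dgst -r "-$alg" "$file" | cut -d' ' -f1   # -r prints "hex *file"
    elif command -v digest >/dev/null 2>&1; then
        digest -a "$alg" "$file"                          # the exercise's command
    else
        "${alg}sum" "$file" | cut -d' ' -f1               # coreutils fallback (assumption)
    fi
}

# Emit one labelled line per algorithm: "<alg>: <hex>".
write_digests() {
    for alg in $ALGS; do
        printf '%s: %s\n' "$alg" "$(hash_file "$alg" "$1")"
    done
}

# Check CANDIDATE against every labelled digest; succeed only if all match.
verify_file() {
    digest_file=$1; candidate=$2; rc=0
    while IFS=': ' read -r alg expected; do
        [ -n "$alg" ] || continue
        if [ "$(hash_file "$alg" "$candidate")" = "$expected" ]; then
            echo "$alg: match"
        else
            echo "$alg: MISMATCH"; rc=1
        fi
    done < "$digest_file"
    return $rc
}

# Constructed stand-ins for the two lyrics files.
work=$(mktemp -d)
printf 'verse one\nchorus\nverse two\n'       > "$work/userid_correct.txt"
printf 'verse one\nother chorus\nverse two\n' > "$work/userid_altered.txt"
write_digests "$work/userid_correct.txt" > "$work/userid_digests.txt"
for f in "$work/userid_correct.txt" "$work/userid_altered.txt"; do
    echo "== $f"
    verify_file "$work/userid_digests.txt" "$f" || echo "   not the file the digests describe"
done
rm -rf "$work"
```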