md5 - How does applications read my hashed passwords?
2014-07
eregus
mpdas (last.fm scrobbler for mpd) forces one to write password hashed in md5. But if it's hashed, how does it login to last.fm? Isn't hash function one-way only?
Scott Chamberlain
Because last.fm does not store your password, they only store the md5 hash of your password (which is still not a very good idea, passwords should be salted and should go through many iterations to slow it down, but maybe they just use the md5 as a starting point before they store it in the database).
They compare the stored md5 to the transmitted md5 and let you log in.
Kieveli
I'm interested in storing an indicator of file / directory integrity between two archived copies of directories. It's around 1TB of data stored recursively on hard drives. Is there a way using OpenSSL to generate a single hash for all the files that can be used as a comparison between two copies of the data, or at a later point to verify the data has not changed?
AaronLS
You could recursively generate all the hashes, concatenate the hashes into a single file, then generate a hash of that file.
John T
You can't do a cumulative hash of them all to make a single hash, but you can compress them first then compute the hash:
$tar -czpf archive1.tar.gz folder1/
$tar -czpf archive2.tar.gz folder2/
$openssl md5 archive1.tar.gz archive2.tar.gz
to recursively hash each file:
$find . -type f -exec openssl md5 {} +
Rudedog
Doing a md5 sum on the tar would never work unless all of the metadata (creation date, etc.) was identical as well, because tar stores that as part of its archive.
I would probably do an md5 sum of the contents of all of the files:
find folder1 -type f | sort | tr '\n' '\0' | xargs -0 cat | openssl md5
find folder2 -type f | sort | tr '\n' '\0' | xargs -0 cat | openssl md5
Stephen