In this first exercise we'll see how to compute hashes using the OpenSSL command line interface.

You can interact with the OpenSSL utilities in two ways:

• directly from bash, by using the openssl command followed by the desired command and parameters
• from the OpenSSL console, by using the openssl command without additional arguments. You can close the console by calling quit or exit.

If the manual pages are correctly installed, you can consult the documentation via man <command_name> (e.g. man md5).

Hashes are often used to check the integrity of downloaded files. We will now use OpenSSL to compute the MD5 and SHA-1 hashes of this page.

Download this page by running:

linux$ wget http://ocw.cs.pub.ro/courses/sasc/laboratoare/09

Use OpenSSL to compute the MD5 and SHA-1 hashes of the newly downloaded file; print the output in hexadecimal.

To check your results, you can use md5sum or sha1sum as an alternative way of computing the same hashes.

In this exercise you will implement the Birthday attack on SHA-1 from the previous lab using OpenSSL. The goal is to obtain a collision in the first four bytes of the hash.

You can implement the attack from scratch, or start from our archive here.

To compute a digest, you might find the code below useful:

    SHA_CTX context;
    SHA1_Init(&context);
    SHA1_Update(&context, buffer, length);
    SHA1_Final(md, &context); /* md must point to at least 20 bytes of valid memory */