Ssha512 value

Arran Cudbard-Bell a.cudbardb at
Wed Jan 28 16:53:39 CET 2015

> On 28 Jan 2015, at 21:38, Robert Graham <robert_graham at> wrote:
> Thanks for all your help Arran,this should do it now. Ill let you know
> what the results are when I run some tests. Have you or anyone on your
> team ran these tests with the sample data we provided?

I just did, and I can't reproduce your hashed values.

The strings you gave will be the same in UTF8 or latin1.

To confirm it wasn't the code in FreeRADIUS, I ran the test strings though openssl sha512.
The resulting hashes were the same as FreeRADIUS.

Your test strings:

arr2036 at power:~$ echo -n "Hellohello18888702" | openssl sha512
(stdin)= 6298c5de72a33bf3653462a338fa4ae26c4570b06a196b15c9cecda4f6daca53e4061ec19d0038815b9e8e0b66fed2f382736331d6a74c44691ed7557b1267c1
arr2036 at power:~$ echo -n "18888702Hellohello1" | openssl sha512
(stdin)= 764b34078e93c7ff1a4c1e221b854b1e307e540ecde3614d0653b0b8dc050b838d409458f9523712eef204bf8e152d2786e798514f8d7fbee967c2e3202793ee

Neither match the expected output:

and FreeRADIUS agrees with OpenSSL on the correct values.

I also noticed you said your code did:

	Hash( salt + password );

For every other salted hash in FreeRADIUS the salt is appended, not prepended. Same with Dovecot's SSHA2 hashing schemes (see bottom section on salting):


       public static byte[] Hash(string salt, string password)
           byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
           byte[] saltedPasswordBytes;

           if (string.IsNullOrEmpty(salt))
               saltedPasswordBytes = new byte[passwordBytes.Length];
               byte[] saltBytes = Encoding.Unicode.GetBytes(salt);
               saltedPasswordBytes = new byte[passwordBytes.Length +
               Array.Copy(saltBytes, 0, saltedPasswordBytes,
passwordBytes.Length, saltBytes.Length);

           Array.Copy(passwordBytes, saltedPasswordBytes,

           using (var hashProvider = new SHA512Managed())
               return hashProvider.ComputeHash(saltedPasswordBytes);

The good news is that you were wrong (assuming that code is C#).
If you look it copies the salted bytes into the saltedPasswordByes at 
destination index passwordBytes.length i.e. at an offset of passwordBytes.

It then fills in from the start of the array (index 0) up to the length
of passwordBytes.

Prototype for the first copy call is:

public static void Copy(
	Array sourceArray,
	int sourceIndex,
	Array destinationArray,
	int destinationIndex,
	int length

and the second:

public static void Copy(
	Array sourceArray,
	Array destinationArray,
	int length

So you should end up with Hash( password + salt );

You have the correct hash value for your test strings above. It's up to you 
guys to figure out why they don't match. Not much more we can do from here.

Though first off, i'd check the lengths are what you'd expect, make 
sure no trailing junk (like newlines) has accidentally been appended to the 


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

More information about the Freeradius-Users mailing list