How to calculate RIPEMD-160 with openssl?

creon 2015-01-17 22:30:32 UTC #1

Hi,

I hope this wasn’t asked before, I wasn’t able to find anything on the forums regarding this. Just for fun, and because Jordan asked for confirmation, I tried to verify the motion hash of the burning proposal:

So what I did was copying the text of the proposal and pasted it into a normal ascii file called txt and then I called:

openssl rmd160 txt

However, I never get a hash that matches the proposal. I also tried the python hashlib library and still get the same, wrong, hash. What am I doing wrong?

JordanLee 2015-01-17 22:48:33 UTC #2

While I suppose different methods are possible, I copy the content of the motion (from the first letter to the last period, excluding any container) and paste that into this online RIPEMD-160 calculator:

woolly_sammoth 2015-01-17 23:30:04 UTC #3

I have had a similar issue to @creon. The open source motion hash wouldn’t come out the same in Python as it did in the online tools
There have been instances of different browsers using differently implemented javascript libraries that can cause issues elsewhere in cryptography. I’m not aware of anything specific to any browser or RIPEMD160 but the fact that different tools gave different hashes caused a little concern.
It is that which inspired the first function of the assistant bot I’m creating for this forum.
if you send the bot a PM with the word ‘hash’ as the first word, any other text in the PM is converted to a standardised motion format and the RIPEMD160 hash calculated. I also plan to make a verification function so that the bot can say whether the motion text has been changed in the OP of a motion thread.
The bot uses the Python hashlib to do the hashing. If everyone uses the same tool to hash and format their motions, we should get more consistency and other tools could potentially scrape the forum to find motions specifically, for data feeds for example.

The bot is still in testing but I will write up a proper post with instructions once it’s ready

creon 2015-01-17 23:36:44 UTC #4

Thanks @JordanLee and @woolly_sammoth. It appears that the problem is the copy function of browsers (in my case google chrome). There are some browser which replace the newline char \n to \r\n and there are some browsers who don’t. My browser (google chrome) does not replace them, Jordans website apparently does. The following code works for me and outputs the same hash as posted by Jordan (bda115840291067ba0814032f0c93d4d5900a5cf):

import sys import hashlib h = hashlib.new('ripemd160') h.update(bytes.decode(open(sys.argv[1]).read().strip().replace('\n', '\r\n'))) print h.hexdigest()

JordanLee 2015-01-18 00:27:53 UTC #5

I’m glad to see that @woolly_sammoth is crafting a solution to verify hashes in a way that isn’t browser dependent. I used the Tor browser to calculate the hash, which most likely will work the same as Firefox.