mysqlsha2

MYSQL SHA2 512 with multiple transformations

I have to count SHA2 512 checksum, but there is also requirement of "number of transformations". I can't find any answer. Anyone can help me using MYSQL/MSSQL ? Is it possible at all using those languages?

EDIT: number of transformations : 5000

SELECT (SHA2( '20191018143572123034102012221314181237774212' , 512));

Recieved: 371a4fbf2b393338d0a6c619ec18fe5f636fdc1992c09763acfd5dae0bb97b13359fb091e4a196ba085d1a60a312733d6a384e937e32c9aef7063c7911d46b84

Expected : f8b915776eab735fdd10266b2e66068447904852b82c30eeb6de30703a087eb17ea4c4a37630494607194ddb9354c1211bd984fb5f4d9cff95f5a24ed52065e7

Solution

  • Fill a table with 5000 or more rows.

    mysql> create table n ( n smallint unsigned auto_increment primary key);
mysql> insert into n (n) select null;
mysql> insert into n (n) select null from n;
... repeat doubling the rows in the table until you have more than 5000 rows ...

    Set a session variable to your original string.

    mysql> set @value = '20191018143572123034102012221314181237774212';

    Set the variable to a hash of itself for each row in a 5000 row set.

    mysql> select @value := sha2(@value, 512) from n limit 5000;

    The last row of that query will be the result of hashing 5000 times. You can also query the variable's current value:

    mysql> select @value;
+----------------------------------------------------------------------------------------------------------------------------------+
| @value                                                                                                                           |
+----------------------------------------------------------------------------------------------------------------------------------+
| f8b915776eab735fdd10266b2e66068447904852b82c30eeb6de30703a087eb17ea4c4a37630494607194ddb9354c1211bd984fb5f4d9cff95f5a24ed52065e7 |
+----------------------------------------------------------------------------------------------------------------------------------+

    Frankly, this is easier in practically any other programming language besides SQL.

    You should just use a loop.

    You might also want to use a different hashing method that uses key stretching instead of relying on 5000 repetitions of SHA2. Typically, repeating re-hashing that many times is done to make the calculation take longer, to make it less attractive for attackers to try automated password guessers.

    You can also just use SELECT SLEEP(1) or an equivalent function in your app if you want to add a small delay.