1.\" $FreeBSD$ 2.Dd September 7, 2008 3.Dt MD5 1 4.Os 5.Sh NAME 6.Nm md5 , sha1 , sha256, rmd160 7.Nd calculate a message-digest fingerprint (checksum) for a file 8.Sh SYNOPSIS 9.Nm md5 10.Op Fl pqrtx 11.Op Fl s Ar string 12.Op Ar 13.Nm sha1 14.Op Fl pqrtx 15.Op Fl s Ar string 16.Op Ar 17.Nm sha256 18.Op Fl pqrtx 19.Op Fl s Ar string 20.Op Ar 21.Nm rmd160 22.Op Fl pqrtx 23.Op Fl s Ar string 24.Op Ar 25.Sh DESCRIPTION 26The 27.Nm md5 , sha1 , sha256 28and 29.Nm rmd160 30utilities take as input a message of arbitrary length and produce as 31output a 32.Dq fingerprint 33or 34.Dq message digest 35of the input. 36It is conjectured that it is computationally infeasible to 37produce two messages having the same message digest, or to produce any 38message having a given prespecified target message digest. 39The 40.Tn MD5 , SHA-1 , SHA-256 41and 42.Tn RIPEMD-160 43algorithms are intended for digital signature applications, where a 44large file must be 45.Dq compressed 46in a secure manner before being encrypted with a private 47(secret) 48key under a public-key cryptosystem such as 49.Tn RSA . 50.Pp 51.Tn MD5 52has been completely broken as far as finding collisions is 53concerned, and should not be relied upon to produce unique outputs. 54This also means that 55.Tn MD5 56should not be used as part of a cryptographic signature scheme. 57At the current time (2009-01-06) there is no publicly known method to 58.Dq reverse 59MD5, i.e., to find an input given a hash value. 60.Pp 61.Tn SHA-1 62currently (2009-01-06) has no known collisions, but an attack has been 63found which is faster than a brute-force search, placing the security of 64.Tn SHA-1 65in doubt. 66.Pp 67It is recommended that all new applications use 68.Tn SHA-256 69instead of one of the other hash functions. 70.Pp 71The following options may be used in any combination and must 72precede any files named on the command line. 73The hexadecimal checksum of each file listed on the command line is printed 74after the options are processed. 75.Bl -tag -width indent 76.It Fl s Ar string 77Print a checksum of the given 78.Ar string . 79.It Fl p 80Echo stdin to stdout and append the checksum to stdout. 81.It Fl q 82Quiet mode - only the checksum is printed out. 83Overrides the 84.Fl r 85option. 86.It Fl r 87Reverses the format of the output. 88This helps with visual diffs. 89Does nothing 90when combined with the 91.Fl ptx 92options. 93.It Fl t 94Run a built-in time trial. 95.It Fl x 96Run a built-in test script. 97.El 98.Sh EXIT STATUS 99The 100.Nm md5 , sha1 , sha256 101and 102.Nm rmd160 103utilities exit 0 on success, 104and 1 if at least one of the input files could not be read. 105.Sh SEE ALSO 106.Xr cksum 1 , 107.Xr md5 3 , 108.Xr ripemd 3 , 109.Xr sha 3 , 110.Xr sha256 3 111.Rs 112.%A R. Rivest 113.%T The MD5 Message-Digest Algorithm 114.%O RFC1321 115.Re 116.Rs 117.%A J. Burrows 118.%T The Secure Hash Standard 119.%O FIPS PUB 180-2 120.Re 121.Rs 122.%A D. Eastlake and P. Jones 123.%T US Secure Hash Algorithm 1 124.%O RFC 3174 125.Re 126.Pp 127RIPEMD-160 is part of the ISO draft standard 128.Qq ISO/IEC DIS 10118-3 129on dedicated hash functions. 130.Pp 131Secure Hash Standard (SHS): 132.Pa http://csrc.nist.gov/cryptval/shs.html . 133.Pp 134The RIPEMD-160 page: 135.Pa http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html . 136.Sh ACKNOWLEDGMENTS 137This program is placed in the public domain for free general use by 138RSA Data Security. 139.Pp 140Support for SHA-1 and RIPEMD-160 has been added by 141.An Oliver Eikemeier Aq eik@FreeBSD.org . 142