xref: /freebsd/sbin/md5/md5.1 (revision 38f0b757fd84d17d0fc24739a7cda160c4516d81)
1.\" $FreeBSD$
2.Dd July 31, 2012
3.Dt MD5 1
4.Os
5.Sh NAME
6.Nm md5 , sha1 , sha256 , sha512, rmd160
7.Nd calculate a message-digest fingerprint (checksum) for a file
8.Sh SYNOPSIS
9.Nm md5
10.Op Fl pqrtx
11.Op Fl c Ar string
12.Op Fl s Ar string
13.Op Ar
14.Nm sha1
15.Op Fl pqrtx
16.Op Fl c Ar string
17.Op Fl s Ar string
18.Op Ar
19.Nm sha256
20.Op Fl pqrtx
21.Op Fl c Ar string
22.Op Fl s Ar string
23.Op Ar
24.Nm sha512
25.Op Fl pqrtx
26.Op Fl c Ar string
27.Op Fl s Ar string
28.Op Ar
29.Nm rmd160
30.Op Fl pqrtx
31.Op Fl c Ar string
32.Op Fl s Ar string
33.Op Ar
34.Sh DESCRIPTION
35The
36.Nm md5 , sha1 , sha256 , sha512
37and
38.Nm rmd160
39utilities take as input a message of arbitrary length and produce as
40output a
41.Dq fingerprint
42or
43.Dq message digest
44of the input.
45It is conjectured that it is computationally infeasible to
46produce two messages having the same message digest, or to produce any
47message having a given prespecified target message digest.
48The
49.Tn MD5 , SHA-1 , SHA-256 , SHA-512
50and
51.Tn RIPEMD-160
52algorithms are intended for digital signature applications, where a
53large file must be
54.Dq compressed
55in a secure manner before being encrypted with a private
56(secret)
57key under a public-key cryptosystem such as
58.Tn RSA .
59.Pp
60.Tn MD5
61has been completely broken as far as finding collisions is
62concerned, and should not be relied upon to produce unique outputs.
63This also means that
64.Tn MD5
65should not be used as part of a cryptographic signature scheme.
66At the current time (2009-01-06) there is no publicly known method to
67.Dq reverse
68MD5, i.e., to find an input given a hash value.
69.Pp
70.Tn SHA-1
71currently (2009-01-06) has no known collisions, but an attack has been
72found which is faster than a brute-force search, placing the security of
73.Tn SHA-1
74in doubt.
75.Pp
76It is recommended that all new applications use
77.Tn SHA-256
78instead of one of the other hash functions.
79.Pp
80The following options may be used in any combination and must
81precede any files named on the command line.
82The hexadecimal checksum of each file listed on the command line is printed
83after the options are processed.
84.Bl -tag -width indent
85.It Fl c Ar string
86Compare files to this md5 string.
87(Note that this option is not yet useful if multiple files are specified.)
88.It Fl s Ar string
89Print a checksum of the given
90.Ar string .
91.It Fl p
92Echo stdin to stdout and append the checksum to stdout.
93.It Fl q
94Quiet mode - only the checksum is printed out.
95Overrides the
96.Fl r
97option.
98.It Fl r
99Reverses the format of the output.
100This helps with visual diffs.
101Does nothing
102when combined with the
103.Fl ptx
104options.
105.It Fl t
106Run a built-in time trial.
107.It Fl x
108Run a built-in test script.
109.El
110.Sh EXIT STATUS
111The
112.Nm md5 , sha1 , sha256 , sha512
113and
114.Nm rmd160
115utilities exit 0 on success,
1161 if at least one of the input files could not be read,
117and 2 if at least one file does not have the same hash as the -c option.
118.Sh SEE ALSO
119.Xr cksum 1 ,
120.Xr md5 3 ,
121.Xr ripemd 3 ,
122.Xr sha 3 ,
123.Xr sha256 3 ,
124.Xr sha512 3
125.Rs
126.%A R. Rivest
127.%T The MD5 Message-Digest Algorithm
128.%O RFC1321
129.Re
130.Rs
131.%A J. Burrows
132.%T The Secure Hash Standard
133.%O FIPS PUB 180-2
134.Re
135.Rs
136.%A D. Eastlake and P. Jones
137.%T US Secure Hash Algorithm 1
138.%O RFC 3174
139.Re
140.Pp
141RIPEMD-160 is part of the ISO draft standard
142.Qq ISO/IEC DIS 10118-3
143on dedicated hash functions.
144.Pp
145Secure Hash Standard (SHS):
146.Pa http://csrc.nist.gov/cryptval/shs.html .
147.Pp
148The RIPEMD-160 page:
149.Pa http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html .
150.Sh ACKNOWLEDGMENTS
151This program is placed in the public domain for free general use by
152RSA Data Security.
153.Pp
154Support for SHA-1 and RIPEMD-160 has been added by
155.An Oliver Eikemeier Aq eik@FreeBSD.org .
156