1.\" $FreeBSD$ 2.Dd September 7, 2008 3.Dt MD5 1 4.Os 5.Sh NAME 6.Nm md5 , sha1 , sha256 , rmd160 7.Nd calculate a message-digest fingerprint (checksum) for a file 8.Sh SYNOPSIS 9.Nm md5 10.Op Fl pqrtx 11.Op Fl c Ar string 12.Op Fl s Ar string 13.Op Ar 14.Nm sha1 15.Op Fl pqrtx 16.Op Fl c Ar string 17.Op Fl s Ar string 18.Op Ar 19.Nm sha256 20.Op Fl pqrtx 21.Op Fl c Ar string 22.Op Fl s Ar string 23.Op Ar 24.Nm rmd160 25.Op Fl pqrtx 26.Op Fl c Ar string 27.Op Fl s Ar string 28.Op Ar 29.Sh DESCRIPTION 30The 31.Nm md5 , sha1 , sha256 32and 33.Nm rmd160 34utilities take as input a message of arbitrary length and produce as 35output a 36.Dq fingerprint 37or 38.Dq message digest 39of the input. 40It is conjectured that it is computationally infeasible to 41produce two messages having the same message digest, or to produce any 42message having a given prespecified target message digest. 43The 44.Tn MD5 , SHA-1 , SHA-256 45and 46.Tn RIPEMD-160 47algorithms are intended for digital signature applications, where a 48large file must be 49.Dq compressed 50in a secure manner before being encrypted with a private 51(secret) 52key under a public-key cryptosystem such as 53.Tn RSA . 54.Pp 55.Tn MD5 56has been completely broken as far as finding collisions is 57concerned, and should not be relied upon to produce unique outputs. 58This also means that 59.Tn MD5 60should not be used as part of a cryptographic signature scheme. 61At the current time (2009-01-06) there is no publicly known method to 62.Dq reverse 63MD5, i.e., to find an input given a hash value. 64.Pp 65.Tn SHA-1 66currently (2009-01-06) has no known collisions, but an attack has been 67found which is faster than a brute-force search, placing the security of 68.Tn SHA-1 69in doubt. 70.Pp 71It is recommended that all new applications use 72.Tn SHA-256 73instead of one of the other hash functions. 74.Pp 75The following options may be used in any combination and must 76precede any files named on the command line. 77The hexadecimal checksum of each file listed on the command line is printed 78after the options are processed. 79.Bl -tag -width indent 80.It Fl c Ar string 81Compare files to this md5 string. 82(Note that this option is not yet useful if multiple files are specified.) 83.It Fl s Ar string 84Print a checksum of the given 85.Ar string . 86.It Fl p 87Echo stdin to stdout and append the checksum to stdout. 88.It Fl q 89Quiet mode - only the checksum is printed out. 90Overrides the 91.Fl r 92option. 93.It Fl r 94Reverses the format of the output. 95This helps with visual diffs. 96Does nothing 97when combined with the 98.Fl ptx 99options. 100.It Fl t 101Run a built-in time trial. 102.It Fl x 103Run a built-in test script. 104.El 105.Sh EXIT STATUS 106The 107.Nm md5 , sha1 , sha256 108and 109.Nm rmd160 110utilities exit 0 on success, 1111 if at least one of the input files could not be read, 112and 2 if at least one file does not have the same hash as the -c option. 113.Sh SEE ALSO 114.Xr cksum 1 , 115.Xr md5 3 , 116.Xr ripemd 3 , 117.Xr sha 3 , 118.Xr sha256 3 119.Rs 120.%A R. Rivest 121.%T The MD5 Message-Digest Algorithm 122.%O RFC1321 123.Re 124.Rs 125.%A J. Burrows 126.%T The Secure Hash Standard 127.%O FIPS PUB 180-2 128.Re 129.Rs 130.%A D. Eastlake and P. Jones 131.%T US Secure Hash Algorithm 1 132.%O RFC 3174 133.Re 134.Pp 135RIPEMD-160 is part of the ISO draft standard 136.Qq ISO/IEC DIS 10118-3 137on dedicated hash functions. 138.Pp 139Secure Hash Standard (SHS): 140.Pa http://csrc.nist.gov/cryptval/shs.html . 141.Pp 142The RIPEMD-160 page: 143.Pa http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html . 144.Sh ACKNOWLEDGMENTS 145This program is placed in the public domain for free general use by 146RSA Data Security. 147.Pp 148Support for SHA-1 and RIPEMD-160 has been added by 149.An Oliver Eikemeier Aq eik@FreeBSD.org . 150