sha1sum

sha1sum is a computer program that calculates and verifies SHA-1 hashes. It is commonly used to verify the integrity of files. It (or a variant) is installed by default in most Linux distributions. Variants include shasum (which permits SHA-1 through SHA-512 hash functions to be selected manually), sha224sum, sha256sum, sha384sum and sha512sum, which use a specific SHA-2 hash function, and sha3sum (which permits SHA-3 through SHA3-512, SHAKE, RawSHAKE and Keccak functions to be selected manually). Versions for Microsoft Windows also exist, and the ActivePerl distribution includes a Perl implementation of shasum. On FreeBSD and OpenBSD the utilities are called md5, sha1, sha256, and sha512. These versions offer slightly different options and features. Additionally, FreeBSD offers the "SKEIN" family of message digests.

The SHA-1 variants are proven vulnerable to collision attacks, and users should use, for example, a SHA-2 variant such as sha256sum instead to prevent tampering by an adversary.[1][2]

It is included in GNU Core Utilities,[3] Busybox[4] and Toybox.[5]

ExamplesEdit

To create a file with an sha1 hash in it, if one is not provided:

$ sha1sum filename [filename2] ... > SHA1SUM

If distributing one file, ".sha1" may be appended to the filename e.g.:

$ sha1sum --binary my-zip.tar.gz > my-zip.tar.gz.sha1

The output contains one line per file of the form "{hash} SPACE (ASTERISK|SPACE) [{directory} SLASH] {filename}". (Note well, if the hash digest creation is performed in text mode instead of binary mode, then there will be two space characters instead of a single space character and an asterisk.) For example:

$ sha1sum -b my-zip.tar.gz
d5db29cd03a2ed055086cef9c31c252b4587d6d0 *my-zip.tar.gz
$ sha1sum -b subdir/filename2
55086cef9c87d6d031cd5db29cd03a2ed0252b45 *subdir/filename2

To verify that a file was downloaded correctly or that it has not been tampered with:

$ sha1sum -c SHA1SUM
filename: OK
filename2: OK
$ sha1sum -c my-zip.tar.gz.sha1
my-zip.tar.gz: OK

Hash file treesEdit

sha1sum can only create checksums of one or multiple files inside a directory, but not of a directory tree, i.e. of subdirectories, sub-subdirectories, etc. and the files they contain. This is possible by using sha1sum in combination with the find command with the -exec option, or by piping the output from find into xargs. sha1deep can create checksums of a directory tree.

To use sha1sum with find:

$ find s_* -type f -exec sha1sum '{}' \;
65c23f142ff6bcfdddeccebc0e5e63c41c9c1721  s_1/file_s11
d3d59905cf5fc930cd4bf5b709d5ffdbaa9443b2  s_2/file_s21
5590e00ea904568199b86aee4b770fb1b5645ab8  s_a/file_02

Likewise, piping the output from find into xargs yields the same output:

$ find s_* -type f | xargs sha1sum
65c23f142ff6bcfdddeccebc0e5e63c41c9c1721  s_1/file_s11
d3d59905cf5fc930cd4bf5b709d5ffdbaa9443b2  s_2/file_s21
5590e00ea904568199b86aee4b770fb1b5645ab8  s_a/file_02

See alsoEdit

ReferencesEdit

  1. ^ Bruce Schneier. "Cryptanalysis of SHA-1". Schneier on Security.
  2. ^ https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
  3. ^ https://www.gnu.org/software/coreutils/manual/html_node/sha1sum-invocation.html
  4. ^ https://github.com/mirror/busybox/blob/a6f8651/testsuite/sha1sum.tests
  5. ^ https://github.com/landley/toybox/blob/409a8e093a4ea8e0892ab302b4fd433d08f435eb/toys/lsb/md5sum.c#L17

External linksEdit