path: root/bin/md5/sha1.1

.\"	$OpenBSD: sha1.1,v 1.30 2012/05/13 16:49:44 jmc Exp $
.\"
.\" Copyright (c) 2003, 2004, 2006 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" Sponsored in part by the Defense Advanced Research Projects
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
.Dd $Mdocdate: May 13 2012 $
.Dt SHA1 1
.Os
.Sh NAME
.Nm sha1
.Nd calculate a message-digest fingerprint (checksum) for a file
.Sh SYNOPSIS
.Nm sha1
.Op Fl bpqrtx
.Op Fl c Op Ar checklist ...
.Op Fl s Ar string
.Op Ar
.Sh DESCRIPTION
.Nm
takes as input a message of arbitrary length and produces
as output a 160-bit "fingerprint" or "message digest" of the input.
It is conjectured that it is computationally infeasible to produce
two messages having the same message digest (a collision), or to produce any
message having a given prespecified target message digest.
However, researchers have developed theoretical attacks that significantly
reduce the amount of time needed to find a collision in
.Em SHA-1 .
The use of other message digest functions, such as
.Xr sha256 1 ,
is now preferred.
.Pp
The
.Em SHA-1
algorithm is intended for digital signature applications, where a
large file must be "compressed" in a secure manner before being
encrypted with a private (secret) key under a public-key cryptosystem
such as
.Em RSA .
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl b
Output checksums in base64 notation, not hexadecimal.
.It Xo
.Fl c
.Op Ar checklist ...
.Xc
Compares all checksums contained in the file
.Ar checklist
with newly computed checksums for the corresponding files.
Output consists of the digest used, the file name,
and an OK or FAILED for the result of the comparison.
This will validate any of the supported checksums (see
.Xr cksum 1 ) .
If no file is given, stdin is used.
.It Fl p
Echoes stdin to stdout and appends the
.Em SHA-1
sum to stdout.
.It Fl q
Only print the checksum (quiet mode).
.It Fl r
Reverse the format of the hash algorithm output, making
it match the output format used by
.Xr cksum 1 .
.It Fl s Ar string
Prints a checksum of the given
.Ar string .
.It Fl t
Runs a built-in time trial.
Specifying
.Fl t
multiple times results in the number of rounds being multiplied
by 10 for each additional flag.
.It Fl x
Runs a built-in test script.
.El
.Pp
The SHA-1
sum of each file listed on the command line is printed after the options
are processed.
.Pp
The
.Nm
command is shorthand for
.Bd -literal -offset indent
cksum -a sha1
.Ed
.Pp
The
.Xr cksum 1
command can also be used to compute digests from the SHA-2 family:
sha256, sha384 and sha512.
.Sh EXIT STATUS
.Ex -std sha1
.Sh SEE ALSO
.Xr cksum 1 ,
.Xr md5 1 ,
.Xr sha256 1
.Rs
.%A J. Burrows
.%T The Secure Hash Standard
.%O FIPS PUB 180-1
.Re
.Rs
.%A D. Eastlake and P. Jones
.%T US Secure Hash Algorithm 1
.%O RFC 3174
.Re
.Rs
.%A X. Wang
.%A Y. Yin
.%A H. Yu
.%T Finding Collisions in the Full SHA-1
.%J Crypto
.%D 2005
.Re
.Sh CAVEATS
Theoretical attacks that significantly reduce the amount of time needed
to find a collision in
.Em SHA-1
have been developed.
The use of
.Xr sha256 1
is recommended instead.