How to Check SHA1 Hash of a String

Jun 6, 2012 - 3 Comments

Check SHA1 Hash of a String

If you use LinkedIn you’ve probably heard by now that a major security breach occurred with over 6.5 million user passwords stolen and leaked to the web. The first thing you should do is change your password on that site, but if you want to see if your password was among those leaked you’d need the SHA1 hash of the password itself.

Here is how to check the SHA1 digest of any text string, in this example we’ll use a password. Launch Terminal and enter the following command:

echo -n "yourpassword" | openssl sha1

The output will look something like this:

(stdin)= b48cf0140bea12734db05ebcdb012f1d265bed84

That is the sha1 checksum of “yourpassword”, obviously change “yourpassword” to your actual password to see its hash.

You could use that output to compare it against a list of leaked passwords in the recent LinkedIn example, but ultimately this can be used to verify any sha1 checksum.

Outside of this example, checking a SHA1 hash is frequently used to verify file or string integrity, which we’ve covered on several occasions before.

Enjoy this tip? Subscribe to the OSXDaily newsletter to get more of our great Apple tips, tricks, and important news delivered to your inbox! Enter your email address below:

Related articles:

Posted by: William Pearson in Command Line, Security, Tips & Tricks

3 Comments

» Comments RSS Feed

  1. David Mendez says:

    Excellent timely advice. I’d recommend using the following command instead however, it removes the first 6 characters from the output:

    echo -n “mypassword123″ | shasum | cut -c6-40

  2. Tom Newton says:

    Be sure to add a space character in front of your commandline, that way your password won’t get saved in ~/.bash_history (assuming fairly normal linux setup – probably same on OSX?)

  3. Peter says:

    Thank you for your enormously helpful tip. I’m still very green (fumbling) with the command line and your post not only helped with an immediate need (thank you LinkedIn) but affirmed my modestly growing intuition that checking a hash string is probably somethin’ that can be handled natively in terminal. It also helped comparing your command line against openssl’s ‘man’ documentation. Nice

Leave a Reply

 

Shop for Apple & Mac Deals on Amazon.com

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates