How to Check SHA1 Hash of a String

Jun 6, 2012 - 3 Comments

terminal

Do you need to check the sha1 hash of a string? You can easily find the sha1 hash of any string from the command line, and this trick works to check sha1 hash from Mac OS or Linux.

We’ll use the openssl command to

Check SHA1 Hash of a String

Here is how to check the SHA1 digest of any text string, in this example we’ll use a password but you can use any text string. Launch Terminal and enter the following command:

echo -n "yourpassword" | openssl sha1

The output will look something like this:

(stdin)= b48cf0140bea12734db05ebcdb012f1d265bed84

That is the sha1 checksum of “yourpassword”, obviously change “yourpassword” to your actual password to see its hash. Likewise you can change this to any string, so if you want to check the sha1 hash of “ILoveStarWars81” then that simply plug that into the syntax.

This might look something like the following at a Terminal window:

Check SHA1 Hash of a String

Outside of this example, checking a SHA1 hash is frequently used to verify file or string integrity, which we’ve covered on several occasions before.

For some background, this can be helpful for discovering security issues. For exaaple, if you use LinkedIn you’ve probably heard by now that a major security breach occurred with over 6.5 million user passwords stolen and leaked to the web. The first thing you should do is change your password on that site, but if you want to see if your password was among those leaked you’d need the SHA1 hash of the password itself.

You could use that output to compare it against a list of leaked passwords in the recent LinkedIn example, but ultimately this can be used to verify any sha1 checksum.

.

Related articles:

Posted by: William Pearson in Command Line, Security, Tips & Tricks

3 Comments

» Comments RSS Feed

  1. Peter says:

    Thank you for your enormously helpful tip. I’m still very green (fumbling) with the command line and your post not only helped with an immediate need (thank you LinkedIn) but affirmed my modestly growing intuition that checking a hash string is probably somethin’ that can be handled natively in terminal. It also helped comparing your command line against openssl’s ‘man’ documentation. Nice

  2. Tom Newton says:

    Be sure to add a space character in front of your commandline, that way your password won’t get saved in ~/.bash_history (assuming fairly normal linux setup – probably same on OSX?)

  3. David Mendez says:

    Excellent timely advice. I’d recommend using the following command instead however, it removes the first 6 characters from the output:

    echo -n “mypassword123” | shasum | cut -c6-40

Leave a Reply

 

Shop on Amazon.com and help support OSXDaily!

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates

Tips & Tricks

News

iPhone / iPad

Mac

Troubleshooting

Shop on Amazon to help support this site