
Tuesday, 31 May 2022

Some command-line examples about SHA


1 Print hash of a string

Input:

# print the hash of a string in hex format
echo -n "The quick brown fox jumps over the lazy dog" | sha1sum | awk '{print $1}'

# print the hash of a string in Base64 format
echo -n "The quick brown fox jumps over the lazy dog" | sha1sum | awk '{print $1}' | xxd -r -p | base64

Output:

2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
L9ThxnotKPzthJ7hu3bnORuT6xI=

Pay attention to the "-n" option of the echo command. Without it, an extra "\n" is appended to the string before it is hashed, which changes the hash.

2 SHA1 collision example

shattered.io provides two different PDF files which have the same SHA-1 hash value.

Download these two PDF files from:

https://shattered.it/static/shattered-1.pdf
https://shattered.it/static/shattered-2.pdf

$ diff shattered-*
Binary files shattered-1.pdf and shattered-2.pdf differ

$ sha1sum shattered-*
38762cf7f55934b34d179ae6a4c80cadccbb7f0a  shattered-1.pdf
38762cf7f55934b34d179ae6a4c80cadccbb7f0a  shattered-2.pdf

$ sha256sum shattered-*
2bb787a73e37352f92383abe7e2902936d1059ad9f1ba6daaa9c1e58ee6970d0  shattered-1.pdf
d4488775d29bdef7993367d541064dbdda50d383f89f0aa13a6ff2e0894ba5ff  shattered-2.pdf

We can see that the two PDF files are different and have different SHA-256 hashes, but share the same SHA-1 value. This is a good example of a hash collision in SHA1, and it means SHA1 is NOT secure anymore!
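
As an added example (not part of the original post), the comparison above can be turned into a check that flags files sharing a SHA-1 digest while their SHA-256 digests differ. The function names are hypothetical, and the sample input reuses the digests printed above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# digest_lines PATH...: one "sha1<TAB>sha256<TAB>path" line per regular file.
# Reading via stdin keeps the file name out of the sha*sum output.
# Assumes file names contain no tab or newline characters.
digest_lines() {
    find "$@" -type f | while IFS= read -r f; do
        s1=$(sha1sum < "$f" | awk '{print $1}')
        s256=$(sha256sum < "$f" | awk '{print $1}')
        printf '%s\t%s\t%s\n' "$s1" "$s256" "$f"
    done
}

# report_collisions: reads digest_lines output on stdin and prints
# "COLLISION<TAB>sha1<TAB>fileA<TAB>fileB" when two files share a SHA-1 digest
# but have different SHA-256 digests. Byte-identical files (both digests
# equal) are ordinary duplicates and are not reported.
report_collisions() {
    LC_ALL=C sort | awk -F '\t' '
        $1 == prev1 && $2 != prev256 {
            printf "COLLISION\t%s\t%s\t%s\n", $1, prevf, $3
        }
        { prev1 = $1; prev256 = $2; prevf = $3 }'
}

# Digests copied from the sha1sum/sha256sum output shown in this post,
# so the check can be tried without downloading the PDFs.
sample_from_page() {
    printf '%s\t%s\t%s\n' \
        38762cf7f55934b34d179ae6a4c80cadccbb7f0a \
        2bb787a73e37352f92383abe7e2902936d1059ad9f1ba6daaa9c1e58ee6970d0 \
        shattered-1.pdf \
        38762cf7f55934b34d179ae6a4c80cadccbb7f0a \
        d4488775d29bdef7993367d541064dbdda50d383f89f0aa13a6ff2e0894ba5ff \
        shattered-2.pdf
}

sample_from_page | report_collisions
# Real use on a directory: digest_lines ./downloads | report_collisions
```

Because sorting puts equal SHA-1 values next to each other, each colliding file is reported against its neighbour in the sorted list.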
