How to create md5 hash via Arch Linux commandline?
In Arch Linux, how can I create a single md5 hash for a password using the command line? Of course, I am aware that there are secure password hashing algorithms available, which md5 is not, but this is just part of an experiment.
Simply echo it to md5sum.
The first result will consider a newline character in the end of the string, prior to generating the hash.
$ echo P@ssword1 | md5sum
0a43c426e3d6764fe1f3f7cbb3579eba -
Otherwise as @AFH states if you wish to not have a newline character do the following:
$ echo -n 'P@ssword1' | md5sum
d106b29303767527fc11214f1b325fb6 -
None of the answers mention that with echo -n 'password' | …, you will write your password to persistent storage, namely your history.
You can avoid this, depending on the shell, by prefixing the command with a space (test this for your shell). Read up on your shells documentation on how this is handled.
Alternatively, you can use md5sum directly, by running md5sum, typing the password and then Ctrl+D. Do not hit Enter between the password and Ctrl+D, unless you want to have include a newline in the hash.
Here is an example using openssl
echo -n 'stack overflow' | openssl md5
(stdin)= 481b8423202598ecfb233c5fa68caf68
Openssl implement several different hashing algorithms, if you need a different one some day.
It seems like everyone is suggesting to use echo -- at least, most of the time, thankfully, with -n, which alleviates one of its problems (that it prints a newline at the end).
But echo isn't necessarily consistent. It has a number of behavioral quirks that you need to keep in mind, and can be incompatible between systems. It's better to use printf instead.
Hence, you should be using
$ printf '%s' 'P@ssword1' | md5sum
d106b29303767527fc11214f1b325fb6 -
$
With printf, if you want a newline at the end, you have to explicitly add it yourself:
$ printf '%s\n' 'P@ssword1' | md5sum
0a43c426e3d6764fe1f3f7cbb3579eba -
$ echo 'P@ssword1' | md5sum
0a43c426e3d6764fe1f3f7cbb3579eba -
$
instead of having to ask to not get it (and hoping echo works the same on the system this happens to be running on at some later point):
$ echo -n 'P@ssword1' | md5sum
d106b29303767527fc11214f1b325fb6 -
$
To expand on the point on the quirks of echo that I mentioned above, here are a few:
- It works differently on various systems. Many modern systems support
-nto tellechoto not terminate the output with a newline, but some might not. And what if you want to actually print-n? Some implementations might actually differ based on settings in the shell or environment. - It handles, or might not handle, some character sequences (particularly backslash-escaped characters) in a special way. It's not entirely unreasonable to have those in passwords, and POSIX doesn't guarantee anything about the behavior of echo (its behavior is specifically undefined) if the first argument is
-nor any of its arguments contain backslashes.
The answers to the above-linked question on using printf instead of echo have several more, as well as further links for more reading if you are curious.
The question suggests something else to me, so for completeness:
There is an MD5-based salted password hashing method, which replaced the original DES-based crypt() for use in /etc/shadow. It has been replaced by newer things now, but if you ever encounter "MD5 password hashing" in the wild, it may refer to this rather than a plain MD5.
These MD5-based hashes are marked by the prefix $1$ and you can calculate them with openssl passwd -1