Home

Quick MD5 hash of a string

Fri, 2008.07.18 - 08:46 — müzso
As a developer/admin, sometimes you might have to generate the MD5 hash of a string. Eg. last time I had to do this, when I installed the admin interface of XCache on a server. I had to create an MD5 of the admin password and put it into xcache.ini. The docs said that I should create a PHP file with something like <?php echo md5('the_password'); ?> to get the MD5 hash. However there's a much faster way, a simple command line.

If you're a regular linux user (or admin) you've probably already met the md5sum command. This was meant to generate (and compare) MD5 hashes of files. However you can generate the MD5 hash of data coming from standard input too. You just have to be careful that the input you provide to md5sum is indeed what you meant.

Here's a command line that'll work in most cases:
echo -n 'the_password' | md5sum -

I wrote "most cases", because I used the -n switch of the /bin/echo command in the above example to force echo not to add a newline character automatically behind the string I supplied. Now in your case echo might refer to a shell builtin or have different switches. The point is to make sure that md5sum really gets only the string that you intended.

PS: using the various sha*sum commands (sha1sum, sha256sum, sha512sum, ...) you can use this method to generate various SHA hashes. These commands (md5sum, sha*sum) are all part of the coreutils package (Debian, Ubuntu) and are probably part of most linux distributions nowadays. Chances are high that they are all available on your linux setup too.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Fri, 2008.07.18 - 13:23 — airwin

Or use perl perl

Or use perl Smile

perl -MDigest::MD5 -le 'print Digest::MD5->md5_base64("the_password")'

Fri, 2008.07.18 - 15:25 — müzso

Re: Or use Perl

Yes, that's one way to do it, too. Some sort of an MD5 function is probably available in most scripting languages. However ...
  • perl is a little bit less likely to appear on a linux server, than the coreutils package (actually default linux setups most probably already have perl too, but it's easier to install a server with coreutils and without perl, than with perl and without coreutils Wink ) Of course this is only true if we're talking about a Debian server ... I don't know whether SUSE or Fedora or other distros have the same coreutils as Debian has. They might have md5sum in a separate package and not present on all setups by default.
  • md5sum requires a lot less I/O and CPU (to do the same job) than perl
Tue, 2010.07.27 - 18:26 — Anonymous (not verified)

Bash History

I would just recommend running:

rm ~/.bash_history

...when you are done to avoid someone seeing your password in plaintext if the development system is a shared box.

Tue, 2010.07.27 - 18:38 — müzso

Re: Bash History

Well ... shell history is saved upon exit from the shell. Thus if you delete the history file inside the shell where you executed a command with a password (as part of the commandline), then the password will still get into the new shell history file that will be created, when you exit the current shell. To prevent the history of the current working shell from being saved to disk, you should unset the HISTFILE environment variable. Like:
unset HISTFILE

Thu, 2012.02.09 - 21:07 — Anonymous (not verified)

Python

Python
>>> import hashlib
>>> hashlib.md5(b"secretstring").hexdigest()

CMD.exe
Could not pipe string into md5sums without extra characters Sad