What is SHA & What is the problem

SHA, also Secure Hashing Algorithm, is a widely used hash algorithm. It is used to validate the integrity of your files and messages. However, your hash may looks like this.


This is a SHA256sum, it is a 64-byte long string constructed with HEX. It is hard to remember and if you need to verify the integrity of the files with your recipient over, let’s say phone or IRC. This could be hard to communicate.


I found a useful repository on GitHub that can convert the sha256sum into words. REPO .


This tutorial will mainly focus on Debian/Ubuntu GNU/Linux platform, but other distros and macOS should work. Windows, well, forget it.

First, make sure you have gcc, git, libbsd-dev and make (specifically build-essential) installed.

Next, clone the repository.

git clone https://github.com/kirei/sha2wordlist --depth=1
cd sha2wordlist

Finally, you just need to compile and install it.

make LIBS=-lbsd

Now you will have an executable file called sha2wordlist. Copy this file to somewhere in your path, e.g. /usr/bin.


You can use make LIBS=-lbsd sha2wordlist.deb to build a deb package, and use dpkg -i ./sha2wordlist.deb to install it. This will make the system cleaner and more organized.

Note this is only for Debian-based systems with dpkg package manager.


$ sha2wordlist < example.zip
SHA-256:    e35386cfc8311b630a29da909dff48d3334caf2ee85c6318a86d1496afa5ed14
PGP Words:  tissue enterprise necklace Saturday spaniel company beeswax Galveston allow certify surmount millionaire quadrant Yucatan deadbolt sociable chisel disbelief rocker coherence trauma fascinate flatfoot borderline retouch hazardous baboon monument rocker paperweight tunnel belowground

The PGP Words are the words you want, they are unique and relatively easy to read and check by humans.

Note that you should use < to pass the file to the program. That also means sha2wordlist example.zip won’t work!