{LINUX TIPS} MD5 HASHES: VERIFYING THE INTEGRITY OF YOUR FILES 02-25-2016, 04:43 AM
#1
Well then, it's been quite a while since I did one of these.
In light of the recent issue w/ Linux Mint I thought I'd teach you a quick way to verify files.
In the case I linked above, the Linux Mint ISO available for download on Feb 20th was a modified ISO that had a backdoor in it. Scary stuff. What could we do to reduce the chances of such a thing happening? Compare hashes.
A hash is an alpha-numeric representation of something. We can use this to verify the integrity of a file.
For example, let's say I have a text file with the word "potato" in it. If I then generate an MD5 hash of that file, we see something like this
The long string is the md5 hash for the file potato.txt. Now, watch what happens when I modify the file and instead put the word "potatoe" in it. Notice the extra e.
See what's happening here? Notice the file name is the SAME as it was before. I modified the word inside the text file, and as you can see the MD5 hash is COMPLETELY different.
So, when would you use this? Let's say you are downloading a file from some website. In the case of linux distros for example, they usually supply a known good md5 hash to verify your download. Sometimes, files can be damaged in transit, rendering them unusable, or inaccurate. Generating an MD5 on your newly downloaded file, and comparing it to the author's known-good hash, can tell you if the integrity of the file is in tact or not.
So now to the meat of the subject: How to do it.
If you already are running linux, it's easy. You simply use the md5sum command
This can sometimes take a few minutes to run depending on teh size of the file you're generating the hash for.
In a Windows environment, you have to get a tool from Microsoft. That tool is available at https://www.microsoft.com/en-us/download...x?id=11533 and is a stand alone exe.
you would run this simply by doing
More info below
I highly recommend you take the few minutes required to check the hash in anything you've downloaded. I can tell you of a recent story where I didn't check the hash of a downloaded file. I was installing a Linux distro on a laptop and it would get about 90% through one of the steps, and fail without any explanation or error code. After fighting for over an hour to try and find the cause of the issue, I decided to check the integrity of the ISO. Wouldn't you know it, the hashes didn't match, and the file I had was actually damaged in transit. After re-downloading and checking the hash, I had a valid ISO, and it installed first time, no problems
.
As always, let me know if you have any questions. I hope this information is useful and interesting.
Ch[/quote]eers
In light of the recent issue w/ Linux Mint I thought I'd teach you a quick way to verify files.
In the case I linked above, the Linux Mint ISO available for download on Feb 20th was a modified ISO that had a backdoor in it. Scary stuff. What could we do to reduce the chances of such a thing happening? Compare hashes.
A hash is an alpha-numeric representation of something. We can use this to verify the integrity of a file.
For example, let's say I have a text file with the word "potato" in it. If I then generate an MD5 hash of that file, we see something like this
Code:
8ee2027983915ec78acc45027d874316 .\potato.txtThe long string is the md5 hash for the file potato.txt. Now, watch what happens when I modify the file and instead put the word "potatoe" in it. Notice the extra e.
Code:
f0dc5f42de2651148ed243e26394cc93 .\potato.txtSee what's happening here? Notice the file name is the SAME as it was before. I modified the word inside the text file, and as you can see the MD5 hash is COMPLETELY different.
So, when would you use this? Let's say you are downloading a file from some website. In the case of linux distros for example, they usually supply a known good md5 hash to verify your download. Sometimes, files can be damaged in transit, rendering them unusable, or inaccurate. Generating an MD5 on your newly downloaded file, and comparing it to the author's known-good hash, can tell you if the integrity of the file is in tact or not.
So now to the meat of the subject: How to do it.
If you already are running linux, it's easy. You simply use the md5sum command
Quote:username@localhost ~$: md5sum /path/to/file
This can sometimes take a few minutes to run depending on teh size of the file you're generating the hash for.
In a Windows environment, you have to get a tool from Microsoft. That tool is available at https://www.microsoft.com/en-us/download...x?id=11533 and is a stand alone exe.
you would run this simply by doing
Code:
fciv.exe filenameMore info below
Code:
C:\Users> .\fciv.exe
//
// File Checksum Integrity Verifier version 2.05.
//
Usage: fciv.exe [Commands] <Options>
Commands: ( Default -add )
-add <file | dir> : Compute hash and send to output (default screen).
dir options:
-r : recursive.
-type : ex: -type *.exe.
-exc file: list of directories that should not be computed.
-wp : Without full path name. ( Default store full path)
-bp : specify base path to remove from full path name
-list : List entries in the database.
-v : Verify hashes.
: Option: -bp basepath.
-? -h -help : Extended Help.
Options:
-md5 | -sha1 | -both : Specify hashtype, default md5.
-xml db : Specify database format and name.
To display the MD5 hash of a file, type fciv.exe filenameI highly recommend you take the few minutes required to check the hash in anything you've downloaded. I can tell you of a recent story where I didn't check the hash of a downloaded file. I was installing a Linux distro on a laptop and it would get about 90% through one of the steps, and fail without any explanation or error code. After fighting for over an hour to try and find the cause of the issue, I decided to check the integrity of the ISO. Wouldn't you know it, the hashes didn't match, and the file I had was actually damaged in transit. After re-downloading and checking the hash, I had a valid ISO, and it installed first time, no problems
. As always, let me know if you have any questions. I hope this information is useful and interesting.
Ch[/quote]eers
---
Click here to get started with Linux!
If I helped you, please +rep me, apparently we've started over on Rep and I'd like to break 100 again...
Click here to get started with Linux!
If I helped you, please +rep me, apparently we've started over on Rep and I'd like to break 100 again...
Inori Wrote: got clickbaited by roger
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
