Verifying file integrity by hashing with md5 and sha1

Verifying file integrity by hashing with md5 and sha1

Verifying file integrity by hashing with md5 and sha1 is todays topic. Downloading files poses risks, even when we know where they are being downloaded from. You can be sure they have not been tampered with or corrupted by verifying the hash provided by the author. This post and accompanying YouTube video will show you how to easily calculate the hash in Windows or Linux.

Calculating the hash in Linux

Calculating hashes in Linux is really easy since the utilities are installed by default on most distributions. Lets begin by creating a file with abcd1234 as it’s content. Now calculate the md5 hash by typing the following command:

md5sum test.txt

And you should get back this:

9ff1a0c82d7268b89aeeb112c7f9250b  test.txt

So far so good, we have calculated the md5 hash of the file. This hash is dependent on everything in the file, change one character and it will be totally different. Lets try it, edit the file and add the letter g to the end and rerun the hash calculation, you now get:

0673c410e689ae89e3f0559b4c6bca25  test.txt

Now take it back out and do the md5sum again, you should get the original value:

9ff1a0c82d7268b89aeeb112c7f9250b  test.txt

Which we do, but what if we add a space to the end? Lets see:

e8a102fb5ae9648412cfb853c0a8d408  test.txt

Yep a space is a character so it’s different. So based on that test how hard would it be for a miscreant to add a space to a piece of malware so it’s md5 hash would not show up on VirusTotal? Pretty darn easy. To calculate a sha1 hash just replace md5sum with sha1sum, or to do sha256 use sha256sum, and to do sha512, you got it sha512sum.

Calculating the hash in Windows

Windows is just as easy as Linux but we have to install the utility before we start.  To check the hash you need Microsoft’s FCIV (File Checksum Integrity Verifier) utility. Download it from Microsoft and install it by first creating a FCIV directory then let it extract the files there. Open powershell and cd to the FCIV directory and execute the following (use a file that is in your downloads directory):

./fciv.exe -md5 -sha1 c:\Users\your-user-name\Downloads\putty-64bit-0.70-installer.msi

And it should produce a result that looks something like this:

PS C:\Users\eda\FCIV> ./fciv.exe -md5 -sha1 C:\Users\eda\Downloads\putty-64bit-0.70-installer.msi
//
// File Checksum Integrity Verifier version 2.05.
//
                MD5                             SHA-1
-------------------------------------------------------------------------
983d8c71dd6eeed78012112b85734318 bc42729dc6f5c1089febbe139e2af09db9f0736d c:\users\eda\downloads\putty-64bit-0.70-installer.msi

Now you have the tools to check md5 and sha(x) checksums for all the files you download or malware you encounter.

If you have questions feel free to ask them in the comments below. I hope you enjoyed this blog post and the accompanying video, if you did please take a moment and give it a like also consider subscribing to my YouTube channel. I enjoy doing tutorials and how-to’s on cyber security topics and as long as they are popular I’ll keep doing them.

References

Some of the links we provide on the site are affiliate links and your use of that link provides this site with needed funding to provide this free content; and we greatly appreciate it! Without your support we could not sustain the site.

See Ya

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close Menu
About
Verified by MonsterInsights