| Friday May 27th 2016

HOWTO: Use md5sum to Verify Data Integrity


First of all, what’s a hash?
A hash is the output of a one-way, reproducible function for creating a small fingerprint from a chunk of data. For example, when the popular hash function MD5 is given the word “cat”, it produces the following output every time:

If “cat” is changed to “cats” the resulting hash is completely different:

No matter how much data the hash function is given, the fingerprint stays the same size. No matter how small the change to the data, the fingerprint will be totally different.

What’s md5sum?
A simple tool called md5sum is used for working with hashes in Linux. It allows hashes to be created and compared using the MD5 hash function. md5sum comes installed by default in Ubuntu and virtually every other Linux distribution. (It’s part of the GNU core utilities.)

Calculate MD5 hashes
Calculating hashes for one or more files is easy. Simply run md5sum followed by a list of as many files as you like. This command generates hashes for one.txt, two.txt, and displays the results:
md5sum one.txt two.txt

Save MD5 hashes to a file
Saving the hashes generated by md5sum lets you easily verify the files later. To do this, you need to redirect standard output to a file. This is done using the the greater than “>” sign after the command. The command below hashes the two files and saves the results to a new file called mymd5sums:
md5sum one.txt two.txt > mymd5sums

Verify MD5 hashes
The md5sum command saves not only the hashes, but also the filenames. This means that after you save one or more hashes to a file, you can use this file to verify all of the hashes at once. Run md5sum with the -c option and the name of the file containing the hashes. This command hashes all the files listed in mymd5sums, and compares them to the saved hashes:
md5sum -c mymd5sums

If the files hashed before, one.txt and two.txt, are unchanged md5sum would display this:
one.txt: OK
two.txt: OK

But if one.txt was changed:
one.txt: FAILED
two.txt: OK
md5sum: WARNING: 1 of 2 computed checksums did NOT match

Verify Ubuntu CD downloads
When you download an Ubuntu (or any other) CD image, you should make sure the file’s hash is correct. Doing this ensures your CD will work properly, and that the file is official and has not been modified by a third party.

To do this for Ubuntu CDs, click the link at the bottom of the Ubuntu download page to view the complete list of download locations. After you choose a mirror and select an Ubuntu release, scroll down to the file listing and find the MD5SUMS file and download it to the same directory as the ISOs. The MD5SUMS file contains a hash for every CD. Verify your CD using the -c option I explained earlier:
md5sum -c MD5SUMS

It will take a few seconds for an ISO to be hashed. All of the files you didn’t download will fail when they are not found by md5sum. But the files you did download should get an OK when they are found to be correct.

Related Posts: On this day...

Leave a Reply

You must be logged in to post a comment.