Okay I’m going to teach you how to use the linux command line to produce simple hashes that could help you verify if data integrity has been compromised.
First we’ll use the linux command called “cksum” and then compare that to a hash type program.
First create a simple text file and fill it with this text…
I’ll test this file.
Save the file with the filename test.txt since we’ll be running a test on it.
Then in the linux terminal make sure you are in the directory with the file and type…
cksum test.txt
The output will be
197391445 21 test.txt
The long number is the cksum hash and the number 21 is how many characters the file has. Each character in a computer takes one byte (8 bits) to store so this tells us we have 21 bytes of data in the file.
Now reopen the file and modify it to say…
I tested this file.
Save the file and again type…
cksum test.txt
And the output will be…
3076019627 20 test.txt
Because the two files are different the numbers are different, both the hash and the amount of characters.
This is a simple type of hash check, but it has been proven that the mathematical complexity of cksum’s operations are not sufficient to prevent a person from modifying a file in subtle or ingenious ways to avoid detection. We need a more powerful program to help us.
If we using the Message-Digest algorithm 5 (MD5) standard we’ll have a better chance at detecting a small change to the file.
It is based on a 128-bit (16 byte) cryptograph as detailed in RFC 1321 in case you are curious.
Linux gives us access to md5 hashing through the terminal program md5sum.
Keep the file as currently modified and run the terminal command…
md5sum test.txt
and the output should be…
3cb9b9865ddfa82845154ae6e123f77d test.txt
And then modify the file to read…
This will work better.
Save it and again run the command…
md5 test.txt
and the output will be…
05fea462e3f791ecbb4af17e31fba5f8 test.txt
Obviously the two numbers are different proving the file has been modified.
The only bad thing is that you don’t get a readout of how long the file is, so if you want that information use cksum also.
Now if you want to use other types of checks it might be a good idea to install a program called rhash as it allows for multiple methods.
To do this type the terminal commands…
sudo apt-get update
sudo apt-get install rhash
And you’ll have the program.
Rhash is a recursive hasher and gives you access to various message disgest hash sums including CRC32, MD4, MD5, SHA1, SHA256, SHA512, Tiger, DC++ TTH, BitTorrent BTIH, AICH,
ED2K, GOST R 34.11-94, RIPEMD-160, HAS-160, EDON-R 256/512, Whirlpool, Snefru-128/256.
And it can even produce a torrent file from each checked file if you want. Pretty cool tool huh?
Now we use it in the same way as cksum and md5sum. Just type…
rhash test.txt
and you’ll get the output of something like…
; Generated by RHash v1.3.3 on 2017-08-26 at 21:41.08
; Written by Aleksey (Akademgorodok) – http://rhash.sourceforge.net/
;
; 23 21:28.07 2017-08-26 test.txt
test.txt 8BE60135
This is kind of cool because if we stored that information in a file we’d know when the file was tested and what version of the software did it and the length of the file (23 characters) and the time of the file’s creation and so on. So it’s a lot more verbose.
The standard mode is to test the file with the CRC32 method but you can specify that mode by typing…
rhash -C test.txt
Make sure you use a capital C as a lower case c is for checking hash files so don’t confuse the two.
If you want to use one of the other methods exchange the letter C for any of these options…
-C, –crc32
CRC32: calculate and print CRC32 hash sum.
–md4 MD4: calculate and print MD4 hash sum.
-M, –md5
MD5: calculate and print MD5 hash sum.
-H, –sha1
SHA1: calculate and print SHA1 hash sum.
–sha224, –sha256, –sha384, –sha512
Calculate specified SHA2 hash sum.
–tiger
Tiger: calculate and print Tiger hash sum.
-T, –tth
TTH: calculate and print DC++ TTH sum.
–btih BTIH: calculate and print BitTorrent Info Hash.
-A, –aich
AICH: calculate and print AICH hash.
-E, –ed2k
ED2K: calculate and print eDonkey 2000 hash sum.
-L, –ed2k-link
eDonkey link: calculate and print eDonkey link.
-W, –whirlpool
Whirlpool: calculate and print Whirlpool hash sum.
-G, –gost
GOST: calculate and print GOST R 34.11-94 hash, the Russian GOST
standard hash function.
–gost-cryptopro
GOST-CRYPTOPRO: calculate and print CryptoPro version of the
GOST R 34.11-94 hash function.
–ripemd160
RIPEMD-160: calculate and print RIPEMD-160 hash sum.
–has160
HAS-160: calculate and print HAS-160 hash sum.
–snefru128, –snefru256
SNEFRU: calculate and print SNEFRU-128/256 hash sums.
–edonr256, –edonr512
EDON-R: calculate and print EDON-R 256/512 hash sums.
-a, –all
Calculate all supported hash sums.
–list-hashes
List names of all supported hashes, one per line.
Wow. That’s a lot huh? Now if we want to store the information from a test in a file we can type something like…
rhash -C test.txt -o output.txt
And that will store the information of the test in a file called output.txt and that makes it easier to check multiple files all at the same time using wildcard symbols like * and still retrieve the results.
Okay, well that’s all I’ve got for you today. I hope you learned something about hashes and how to use them.