Okay I’m going to teach you how to use the linux command line to produce simple hashes that could help you verify if data integrity has been compromised.
First we’ll use the linux command called “cksum” and then compare that to a hash type program.
First create a simple text file and fill it with this text…
I’ll test this file.
Save the file with the filename test.txt since we’ll be running a test on it.
Then in the linux terminal make sure you are in the directory with the file and type…
The output will be
197391445 21 test.txt
The long number is the cksum hash and the number 21 is how many characters the file has. Each character in a computer takes one byte (8 bits) to store so this tells us we have 21 bytes of data in the file.
Now reopen the file and modify it to say…
I tested this file.
Save the file and again type…
And the output will be…
3076019627 20 test.txt
Because the two files are different the numbers are different, both the hash and the amount of characters.
This is a simple type of hash check, but it has been proven that the mathematical complexity of cksum’s operations are not sufficient to prevent a person from modifying a file in subtle or ingenious ways to avoid detection. We need a more powerful program to help us.
If we using the Message-Digest algorithm 5 (MD5) standard we’ll have a better chance at detecting a small change to the file.
It is based on a 128-bit (16 byte) cryptograph as detailed in RFC 1321 in case you are curious.
Linux gives us access to md5 hashing through the terminal program md5sum.
Keep the file as currently modified and run the terminal command…
and the output should be…
And then modify the file to read…
This will work better.
Save it and again run the command…
and the output will be…
Obviously the two numbers are different proving the file has been modified.
The only bad thing is that you don’t get a readout of how long the file is, so if you want that information use cksum also.
Now if you want to use other types of checks it might be a good idea to install a program called rhash as it allows for multiple methods.
To do this type the terminal commands…
sudo apt-get update
sudo apt-get install rhash
And you’ll have the program.
Rhash is a recursive hasher and gives you access to various message disgest hash sums including CRC32, MD4, MD5, SHA1, SHA256, SHA512, Tiger, DC++ TTH, BitTorrent BTIH, AICH,
ED2K, GOST R 34.11-94, RIPEMD-160, HAS-160, EDON-R 256/512, Whirlpool, Snefru-128/256.
And it can even produce a torrent file from each checked file if you want. Pretty cool tool huh?
Now we use it in the same way as cksum and md5sum. Just type…
and you’ll get the output of something like…
; Generated by RHash v1.3.3 on 2017-08-26 at 21:41.08
; Written by Aleksey (Akademgorodok) – http://rhash.sourceforge.net/
; 23 21:28.07 2017-08-26 test.txt
This is kind of cool because if we stored that information in a file we’d know when the file was tested and what version of the software did it and the length of the file (23 characters) and the time of the file’s creation and so on. So it’s a lot more verbose.
The standard mode is to test the file with the CRC32 method but you can specify that mode by typing…
rhash -C test.txt
Make sure you use a capital C as a lower case c is for checking hash files so don’t confuse the two.
If you want to use one of the other methods exchange the letter C for any of these options…
CRC32: calculate and print CRC32 hash sum.
–md4 MD4: calculate and print MD4 hash sum.
MD5: calculate and print MD5 hash sum.
SHA1: calculate and print SHA1 hash sum.
–sha224, –sha256, –sha384, –sha512
Calculate specified SHA2 hash sum.
Tiger: calculate and print Tiger hash sum.
TTH: calculate and print DC++ TTH sum.
–btih BTIH: calculate and print BitTorrent Info Hash.
AICH: calculate and print AICH hash.
ED2K: calculate and print eDonkey 2000 hash sum.
eDonkey link: calculate and print eDonkey link.
Whirlpool: calculate and print Whirlpool hash sum.
GOST: calculate and print GOST R 34.11-94 hash, the Russian GOST
standard hash function.
GOST-CRYPTOPRO: calculate and print CryptoPro version of the
GOST R 34.11-94 hash function.
RIPEMD-160: calculate and print RIPEMD-160 hash sum.
HAS-160: calculate and print HAS-160 hash sum.
SNEFRU: calculate and print SNEFRU-128/256 hash sums.
EDON-R: calculate and print EDON-R 256/512 hash sums.
Calculate all supported hash sums.
List names of all supported hashes, one per line.
Wow. That’s a lot huh? Now if we want to store the information from a test in a file we can type something like…
rhash -C test.txt -o output.txt
And that will store the information of the test in a file called output.txt and that makes it easier to check multiple files all at the same time using wildcard symbols like * and still retrieve the results.
Okay, well that’s all I’ve got for you today. I hope you learned something about hashes and how to use them.