Tombuntu

How to Use md5sum to Verify Data Integrity

First of all, what’s a hash?

A hash is the output of a one-way, reproducible function for creating a small fingerprint from a chunk of data. For example, when the popular hash function MD5 is given the word “cat”, it produces the following output every time:

54b8617eca0e54c7d3c8e6732c6b687a

If “cat” is changed to “cats” the resulting hash is completely different:

48ccbaffbb0675f2a0d9e6ef8875a03c

No matter how much data the hash function is given, the fingerprint stays the same size. No matter how small the change to the data, the fingerprint will be totally different.

What’s md5sum?

A simple tool called md5sum is used for working with hashes in Linux. It allows hashes to be created and compared using the MD5 hash function. md5sum comes installed by default in Ubuntu and virtually every other Linux distribution. (It’s part of the GNU core utilities.)

Calculate MD5 hashes

Calculating hashes for one or more files is easy. Simply run md5sum followed by a list of as many files as you like. This command generates hashes for one.txt, two.txt, and displays the results:

md5sum one.txt two.txt

Save MD5 hashes to a file

Saving the hashes generated by md5sum lets you easily verify the files later. To do this, you need to redirect standard output to a file. This is done using the greater than “>” sign after the command. The command below hashes the two files and saves the results to a new file called mymd5sums:

md5sum one.txt two.txt > mymd5sums

Verify MD5 hashes

The md5sum command saves not only the hashes, but also the filenames. This means that after you save one or more hashes to a file, you can use this file to verify all of the hashes at once. Run md5sum with the -c option and the name of the file containing the hashes. This command hashes all the files listed in mymd5sums, and compares them to the saved hashes:

md5sum -c mymd5sums

If the files hashed before, one.txt and two.txt, are unchanged md5sum would display this:

one.txt: OK
two.txt: OK

But if one.txt was changed:

one.txt: FAILED
two.txt: OK
md5sum: WARNING: 1 of 2 computed checksums did NOT match

Verify Ubuntu CD downloads

When you download an Ubuntu (or any other) CD image, you should make sure the file’s hash is correct. Doing this ensures your CD will work properly, and that the file is official and has not been modified by a third party.

To do this for Ubuntu CDs, click the link at the bottom of the Ubuntu download page to view the complete list of download locations. After you choose a mirror and select an Ubuntu release, scroll down to the file listing and find the MD5SUMS file and download it to the same directory as the ISOs. The MD5SUMS file contains a hash for every CD. Verify your CD using the -c option I explained earlier:

md5sum -c MD5SUMS

It will take a few seconds for an ISO to be hashed. All of the files you didn’t download will fail when they are not found by md5sum. But the files you did download should get an OK when they are found to be correct.

Archived Comments

The_Stig

Hey Tom!
I have some problem with md5sum. How can I use this program, for crc-check from *.sfv files?
Thx.

Tom

The_Stig,
md5sum only works with MD5 hashes.

CRC hashes are not as common as MD5 because they are not collision resistant. However, it looks like the “cfv” package in Ubuntu can deal with SFV files.

The_Stig

Thanks Mate!

Anonymous

Well, I was really wanting some quick instruction to check an open wrt download.
I guess I may be a simpleton, but this info was to long, & after I skimmed through it, did not work for me.
Thanks anyway

dummy

Well, I was really wanting some quick instruction to check an open wrt download.
I guess I may be a simpleton, but this info was to long, & after I skimmed through it, did not work for me.
Thanks anyway

en

Found this quite helpful. Thank you.

Respond via email