How to Use md5sum to Verify Data Integrity
First of all, what’s a hash?
A hash is the output of a one-way, reproducible function for creating a small fingerprint from a chunk of data. For example, when the popular hash function MD5 is given the word “cat”, it produces the following output every time:
54b8617eca0e54c7d3c8e6732c6b687a
If “cat” is changed to “cats” the resulting hash is completely different:
48ccbaffbb0675f2a0d9e6ef8875a03c
No matter how much data the hash function is given, the fingerprint stays the same size. No matter how small the change to the data, the fingerprint will be totally different.
What’s md5sum?
A simple tool called md5sum is used for working with hashes in Linux. It allows hashes to be created and compared using the MD5 hash function. md5sum comes installed by default in Ubuntu and virtually every other Linux distribution. (It’s part of the GNU core utilities.)
Calculate MD5 hashes
Calculating hashes for one or more files is easy. Simply run md5sum followed by a list of as many files as you like. This command generates hashes for one.txt, two.txt, and displays the results:
md5sum one.txt two.txt
Save MD5 hashes to a file
Saving the hashes generated by md5sum lets you easily verify the files later. To
do this, you need to redirect standard output to a file. This is done using the
greater than “>” sign after the command. The command below hashes the two files
and saves the results to a new file called mymd5sums:
md5sum one.txt two.txt > mymd5sums
Verify MD5 hashes
The md5sum command saves not only the hashes, but also the filenames. This means
that after you save one or more hashes to a file, you can use this file to
verify all of the hashes at once. Run md5sum with the -c option and the name of
the file containing the hashes. This command hashes all the files listed in
mymd5sums, and compares them to the saved hashes:
md5sum -c mymd5sums
If the files hashed before, one.txt and two.txt, are unchanged md5sum would
display this:
one.txt: OK
two.txt: OK
But if one.txt was changed:
one.txt: FAILED
two.txt: OK
md5sum: WARNING: 1 of 2 computed checksums did NOT match
Verify Ubuntu CD downloads
When you download an Ubuntu (or any other) CD image, you should make sure the file’s hash is correct. Doing this ensures your CD will work properly, and that the file is official and has not been modified by a third party.
To do this for Ubuntu CDs, click the link at the bottom of the Ubuntu download
page to view the complete list of
download locations. After you choose a mirror and select an Ubuntu release,
scroll down to the file listing and find the MD5SUMS file and download it to
the same directory as the ISOs. The MD5SUMS file contains a hash for every CD.
Verify your CD using the -c option I explained earlier:
md5sum -c MD5SUMS
It will take a few seconds for an ISO to be hashed. All of the files you didn’t download will fail when they are not found by md5sum. But the files you did download should get an OK when they are found to be correct.
Archived Comments
Tom
The_Stig,
md5sum only works with MD5 hashes.
CRC hashes are not as common as MD5 because they are not collision resistant. However, it looks like the “cfv” package in Ubuntu can deal with SFV files.
The_Stig
Thanks Mate!
Anonymous
Well, I was really wanting some quick instruction to check an open wrt
download.
I guess I may be a simpleton, but this info was to long, & after I skimmed
through it, did not work for me.
Thanks anyway
dummy
Well, I was really wanting some quick instruction to check an open wrt
download.
I guess I may be a simpleton, but this info was to long, & after I skimmed
through it, did not work for me.
Thanks anyway
en
Found this quite helpful. Thank you.
The_Stig
Hey Tom!
I have some problem with md5sum. How can I use this program, for crc-check from *.sfv files?
Thx.