First of all, what’s a hash?
A hash is the output of a one-way, reproducible function for creating a small fingerprint from a chunk of data. For example, when the popular hash function MD5 is given the word “cat”, it produces the following output every time:
If “cat” is changed to “cats” the resulting hash is completely different:
No matter how much data the hash function is given, the fingerprint stays the same size. No matter how small the change to the data, the fingerprint will be totally different.
A simple tool called md5sum is used for working with hashes in Linux. It allows hashes to be created and compared using the MD5 hash function. md5sum comes installed by default in Ubuntu and virtually every other Linux distribution. (It’s part of the GNU core utilities.)
Calculate MD5 hashes
Calculating hashes for one or more files is easy. Simply run md5sum followed by a list of as many files as you like. This command generates hashes for one.txt, two.txt, and displays the results:
md5sum one.txt two.txt
Save MD5 hashes to a file
Saving the hashes generated by md5sum lets you easily verify the files later. To
do this, you need to redirect standard output to a file. This is done using the
greater than “>” sign after the command. The command below hashes the two files
and saves the results to a new file called
md5sum one.txt two.txt > mymd5sums
Verify MD5 hashes
The md5sum command saves not only the hashes, but also the filenames. This means
that after you save one or more hashes to a file, you can use this file to
verify all of the hashes at once. Run md5sum with the -c option and the name of
the file containing the hashes. This command hashes all the files listed in
mymd5sums, and compares them to the saved hashes:
md5sum -c mymd5sums
If the files hashed before,
two.txt, are unchanged md5sum would
one.txt: OK two.txt: OK
But if one.txt was changed:
one.txt: FAILED two.txt: OK md5sum: WARNING: 1 of 2 computed checksums did NOT match
Verify Ubuntu CD downloads
When you download an Ubuntu (or any other) CD image, you should make sure the file’s hash is correct. Doing this ensures your CD will work properly, and that the file is official and has not been modified by a third party.
To do this for Ubuntu CDs, click the link at the bottom of the Ubuntu download
page to view the complete list of
download locations. After you choose a mirror and select an Ubuntu release,
scroll down to the file listing and find the
MD5SUMS file and download it to
the same directory as the ISOs. The
MD5SUMS file contains a hash for every CD.
Verify your CD using the
-c option I explained earlier:
md5sum -c MD5SUMS
It will take a few seconds for an ISO to be hashed. All of the files you didn’t download will fail when they are not found by md5sum. But the files you did download should get an OK when they are found to be correct.