MD5
Checksum:
MD5
is an algorithm that is used to verify data integrity through the
creation of a 128-bit message digest from data input (which may be a
message of any length) that is claimed to be as unique to that
specific data as a fingerprint is to the specific individual. MD5,
which was developed by Professor Ronald L. Rivest of MIT, is intended
for use with digital signature applications, which require that large
files must be compressed by a secure method before being encrypted
with a secret key, under a public key cryptosystem. MD5 is currently
a standard, Internet Engineering Task Force (IETF) Request for
Comments (RFC) 1321.
Simple
Usage, we use md5 to verify the correctness of something we have
downloaded. You always provided with md5 fingerprint while
downloading large file such as iso images for linux distro. It is
just a line of 128 bit string.
Why
I need to do the checking? Is it important?
To
ensure the file you downloaded is not corrupted. Yes, it is
important. If you try to burn the iso that is corrupted to CD, the CD
may not work properly.
How
to check?
Uses
md5sum, the simple way is run the command line straight away. Let say
you want to check the file ubuntu-6.10-desktop-i386.iso.
md5sum
ubuntu-6.10-desktop-i386.iso
With
this, it prints out the 128 bit fingerprint strings. Tally the string
you obtained with the provided one. Provider do the same way to
obtain this string and publish to the site.
Another
way let say you have more files to verify, you can create a text
file, such as md5sum.txt
283158c7da8c0ada74502794fa8745eb
ubuntu-6.10-alternate-amd64.iso
549ef19097b10ac9237c08f6dc6084c6
ubuntu-6.10-alternate-i386.iso
5717dd795bfd74edc2e9e81d37394349
ubuntu-6.10-alternate-powerpc.iso
99c3a849f6e9a0d143f057433c7f4d84
ubuntu-6.10-desktop-amd64.iso
b950a4d7cf3151e5f213843e2ad77fe3
ubuntu-6.10-desktop-i386.iso
a3494ff33a3e5db83669df5268850a01
ubuntu-6.10-desktop-powerpc.iso
2f44a48a9f5b4f1dff36b63fc2115f40
ubuntu-6.10-server-amd64.iso
cd6c09ff8f9c72a19d0c3dced4b31b3a
ubuntu-6.10-server-i386.iso
6f165f915c356264ecf56232c2abb7b5
ubuntu-6.10-server-powerpc.iso
4971edddbfc667e0effbc0f6b4f7e7e0
ubuntu-6.10-server-sparc.iso
First
column is the md5 string and second column is the location of the
file. To check all them from file, do this:
md5sum
-c md5sum.txt
The
output will be like this if success
...
ubuntu-6.10-desktop-amd64.iso:
OK
ubuntu-6.10-desktop-i386.iso:
OK
...
SHA-1
Checksum:
Sha-1
is another algorithm that is used to verify data integrity, but MD5
uses 128bits where sha-1 uses 160 bits. Refers to the article in
slashdot, title MD5 To Be Considered Harmful Someday, collision has
been found in the MD5 algorithm, meaning that you may get a same md5
hash value from two different files, indicate md5 hash is no longer
unique. Therefore, some of the iso downloads uses sha-1 for data
integrity checksum, one of the example is Fedora 7 DVD. But do you
think md5 checksum value will collides if you have done errornous
download of DVD iso?
Anyway,
sha1 serves as an alternatives to MD5. There exist sha-224, sha-256,
sha-384, sha-512 that uses various bits of message digest for data
integrity test just in case sha1 collision had been discovered
someday in future.
Okay
how to perform sha1 checksum?
SHA-1
-----BEGIN
PGP SIGNED MESSAGE-----
Hash:
SHA1
96b13dbbc9f3bc569ddad9745f64b9cdb43ea9ae
F-7-i386-DVD.iso
fc2e7ab25550afb78608c7f432d0af6c6a7b2105
F-7-i386-rescuecd.iso
-----BEGIN
PGP SIGNATURE-----
Version:
GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGWfrHtEJp0E8qb9IRAlKbAJ4lFgv2g1t2HHkx9qBR+MICRTjEZACeKW1G
PARJf/frcaGIB27Lw8R3Nng=
=GQMy
-----END
PGP SIGNATURE-----
To
perform sha1 checksum, it works similar to md5sum, kinda refers back
to the examples here.
sha1sum
F-7-i386-DVD.iso | grep "96b13dbbc9f3bc569ddad9745f64b9cdb43ea9ae"
Copy
and paste the sha1 code and paste it with grep after the pipelines,
if a line has returned indicate it passes the checksum, else, too bad
:( , you have to download the iso again.
No comments :
Post a Comment