Basic File Hashing Using Native Tools on Linux, OSX, and Windows 10

Wikipedia defines a cryptographic hash as “a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash function) which is designed to also be one-way function, that is, a function which is infeasible to invert” (1). In fact, hashing is so cool that Wikipedia has a second page devoted to hashes (2). LOL, as they say.Hashing is important because it provides a method of ensuring data integrity; that is, a verification that the data has not been either intentionally or unintentionally modified. Data can be a string of text (example: password storage), a file (example: linux .deb file), a whole hard-drive (example: think forensic analysis), etc.If you download software off of the net for your computer, you have likely seen references to file “checksums”, which is another name for a hash that has been created. As an example, go to https://www.virtualbox.org/wiki/Linux_Downloads and down the page, you'll notice both “sha256 checksum” and “md5 checksum”.Clicking on one of these links gives you a page of the appropriate checksum for each files that can be downloaded. The purpose of these hashes is to verify that the file has not been modified during the download. Likewise, on a Debian based linux distribution, you can see the file hash for each package. For example, the command “lsof” allows a user to view what files are open on a running system. On my computer, ff I run in the terminal “apt-cache show lsof”, I get information about the install package including the hashes for that package needed to perform an integrity check during the installation:MD5sum: 18176923b596154e9c8d52e433120d5aSHA1: f7844751b7b7a50c686c2b967c48f65b36f19d40SHA256: 26efd10a89588c18ad4d6ce9468ea0ab6e53030ace3270c939a9dae44906adddSo, how do we manually perform this check on various operating systems? Let’s take a look.What I'll do is to create a text file called “test_file.txt” using a text editor with the following text: “This is the data in my file.” (without the quotes). I will then copy this to each operating system. Linux(Note: I am using Debian 8.5 as confirmed by “cat /etc/debian_version”)For md5 checksums, we open a terminal window, cd to the directory where our file is located, then type:“md5sum test_file.txt” (without the quotes). I receive the checksum followed by the file name:f0eac7ea373ec547cc3dee88a3c50a3a test_file.txtUsing sha, it is a bit more involved because sha has several different bit sizes to choose from. On my Debian box, I see that I have several different ones to choose from:junkwerks@porky-pig:~$ ls -l /usr/bin/sha*-rwxr-xr-x 1 root root 43592 Mar 14 2015 /usr/bin/sha1sum-rwxr-xr-x 1 root root 51784 Mar 14 2015 /usr/bin/sha224sum-rwxr-xr-x 1 root root 51784 Mar 14 2015 /usr/bin/sha256sum-rwxr-xr-x 1 root root 55880 Mar 14 2015 /usr/bin/sha384sum-rwxr-xr-x 1 root root 55880 Mar 14 2015 /usr/bin/sha512sum-rwxr-xr-x 1 root root 9065 Jul 22 10:59 /usr/bin/shasumWhat we see are different binaries for each variation of sha on my system. Sha1 is older and deprecated but might sometimes still be used. The shaXXXsum listings refer to sha2 bit size variations, and shasum is actually a Perl file that calls the binary files with use of the “-a”. For example:junkwerks@porky-pig:~$ shasum -a 256 test_file.txt50d23ac06e007c665c478304ecc32125fa24f6ffd2552a4d7ca5ca72faa40e8b test_file.txtAs always, do a “man” to see what else you can do (example: “man shasum”). OSXNot surprisingly, OSX is very similar in use from the command line as Linux. The biggest difference I see upfront is the more restricted bit sizes and the difference in the names.pig-pig:~ junkwerks$ ls -l /usr/bin/sha*-rwxr-xr-x 38 root wheel 811 Aug 22 2015 /usr/bin/shasum-rwxr-xr-x 1 root wheel 8629 Aug 22 2015 /usr/bin/shasum5.16-rwxr-xr-x 1 root wheel 8629 Aug 22 2015 /usr/bin/shasum5.18No big deal. We still run it the same manner from the terminal window:pig-pig:junkwerks$ md5 test_file.txtMD5 (test_file.txt) = f0eac7ea373ec547cc3dee88a3c50a3aandpig-pig:junkwerks$ shasum -a 256 test_file.txt50d23ac06e007c665c478304ecc32125fa24f6ffd2552a4d7ca5ca72faa40e8b test_file.txt Window 10Obviously, things will be different here, although Win10 has a new Linux based command line, but I have not tried that yet. What has been around for a while though is PowerShell, and we can use it to do out hashing.There are other downloadable freeware programs out there, but one must become proficient in command lines in this business, even on Windows (believe it or not).Note: the command get-filehash is only available in PowerShell V4 and up.So here's how we do it. Open up a powershell (ps) terminal. In the ps window, type the following:“get-help get-filehash”Like man on the *nix examples before, here you'll see the basic usage of the get-filehash command. Notice also, the various hash types and bit sizes. So here we go:PS C:Usersjunkwerks.localDesktop> Get-FileHash -Algorithm MD5 test_file.txt Algorithm Hash Path--------- ---- ----MD5 F0EAC7EA373EC547CC3DEE88A3C50A3A C:Usersjunkwerks.localtest_file.txtandPS C:Usersjunkwerks.localDesktop> Get-FileHash -Algorithm SHA256 test_file.txt Algorithm Hash Path--------- ---- ----SHA256 50D23AC06E007C665C478304ECC32125FA24F6FFD2552A4D7CA5CA72FAA40E8B C:Usersjunkwerks.localtest_file.txt Time to Play1) Change the file name and re-hash the file. Did the hash change?2) Open the file with a text editor, change 1 character, then save the file and re-hash it. Did the hash change? Up next, we'll do a quick review of uses for cryptographic hashing.Happy hashing!

---

References1. Online. Retrieved August 1, 2016. https://en.wikipedia.org/wiki/Cryptographic_hash_function2. Online Retrieved August 2, 2016. https://en.wikipedia.org/wiki/Hash_function