Generate & Compare MD5, SHA1 for Files and Strings in Terminal

Most of the times when you download a file from internet, you will see a checksum or MD5 hash tag beside the download link so you can compare the checksum of the downloaded file with the original file. There are several security reasons for that, but the most common one is to eliminate the possibility of a special type of hacking called “Man in the middle”. In this type of hacking, the hacker usually sniffs and listens to the requests goes from your computer and tries to compromise the packets, but the best thing you can do to help the hacker is to request a very popular application that he has already prepared an infected version, so when you want to download the file, he will send his own infected version toward your computer and you will install that application, thinking that it is the original malware-free application !! so after installing the application, the hacker can do variety of dangerous things to your computer such as creating a backdoor, key-logging, screen capturing, infecting the entire trusted network and etc.

The only way you can avoid this type of hack is by checking the checksums. there are few awesome, useful and easy commands that can do this checking for you and I’m going to describe them in this article:

Basically these commands generate MD5 or SHA1 hashes and compare them against the provided checksum hash. So at first, I will explain how to generate MD5 and SHA1 :

 

1. Generate MD5, SHA1 for files and strings

For the commands below I’m going to use a file and a string. The file name will be “myfile.zip” and for the string I will use “myString”, but you should change them with the string or file you want.

generate MD5 from string:

md5 -q -s "myString"

or you can use:

echo -n "myString" | md5

for bot of the command above the result will be:

91c65b6feeb5a6ad66b30e2ebd9405e1

The following lines will generate MD5 for a given file:

md5 myfile.zip

and the result will be shown as below (note that the result of your will not be the same as mine due to the fact that our files are different)

MD5 (myfile.zip) = e9157ac8de60656b0c0e6cdf4ef524a2

in the command above, if you use -q before your filename, you will get only the MD5 checksum.

 

To generate SH1 hash, from a string, you can use the command below:

echo -n "myString" | openssl sha1

and the result will be:

ea14396f199a2fe7ca14239fd02b4865a8918b8f

 

 

2. Compare MD5, SHA1 for files

So far I could not find a proper command that do the comparison for us, so the only way left is to either use your eyes and check every single character, or copy and paste the template checksum in a text editor and use FIND functionality (which is usually built in in all text editors) to find the generated checksum in the template.

I may write a python file to facilitate this process later and I will post it in this article. 😀

One thought on “Generate & Compare MD5, SHA1 for Files and Strings in Terminal”

  1. To ensure the sum has matched without manual checking you can use this;

    md5 file | grep -w {sum} (without {})

    – Nicholas

Leave a Reply

Your email address will not be published. Required fields are marked *

This is new type of CAPTCHA, make the puzzle please !WordPress CAPTCHA