A hash is a cryptographic function that takes an input (or “message”) and returns a fixed-size string of bytes, typically represented as a hexadecimal number. It’s used to verify data integrity and authenticity. Hash functions are designed to be one-way, meaning it’s computationally infeasible to reverse the process and obtain the original input from the hash value.
In other words, hash functions are one-way. It is practically impossible to go back from the hash value to the original input.
Common hash functions used in Linux
MD5 (Message Digest Algorithm 5)
MD5 produces a 128-bit (16-byte) hash value. MD5 is not considered secure for cryptographic purposes due to vulnerabilities that have been discovered.
SHA-1 (Secure Hash Algorithm 1)
SHA-1 produces a 160-bit (20-byte) hash value. Similar to MD5, SHA-1 is also considered weak and is being deprecated in favor of stronger hash functions.
SHA-256, SHA-384, SHA-512
These are members of the SHA-2 family and produce hash values of 256 bits, 384 bits, and 512 bits, respectively. They are considered secure for cryptographic purposes.
To calculate the hash of a file in Linux, you can use utilities like md5sum, sha1sum, sha256sum, sha384sum, and sha512sum followed by the filename.
Usage
md5sum file.txt
sha256sum file.txt
These commands will calculate the MD5 and SHA-256 hashes of the file.txt.
How to use hashes to verify downloaded file integrity
After obtaining the hash value of the downloaded file, compare it with the one provided on the website to ensure the integrity of the download. If the hashes don’t match, do not proceed with the installation and try downloading again.
An example of websites with a file verification option
