Checking MD5 & SHA1 Checksums

Checking MD5 & SHA1 Checksums

Linux

Move the downloaded file and the associated MD5 hash file to a folder and execute the following command from the command line.

md5sum -c datei.md5

To check the SHA1 file, execute the following command similarly.

sha1sum -c datei.sha1

Example

benutzer:~/Ordner$ ls
datei.iso  datei.md5

benutzer:~/Ordner$ md5sum datei.iso 
161a1957728be5d530c3fab67ac40652  datei.iso

benutzer:~/Ordner$ cat datei.md5 
161a1957728be5d530c3fab67ac40652  datei.iso

benutzer:~/Ordner$ md5sum -c datei.md5 
datei.iso: OK

Windows

Move the downloaded file and the associated MD5 hash file to a folder and execute the following command using the fciv.exe.

fciv.exe -v -md5 datei.md5

To check the SHA1 file, execute the following command similarly.

fciv.exe -v -sha1 datei.md5

If the checksums agree then the downloaded file is free from errors.

Generating MD5 & SHA1 Checksums

Linux

To create an MD5 file for a file that you would like to provide for downloading, enter the following command from the command line.

md5sum datei > datei.md5

tail -c 10MB datei | md5sum > datei.md5 (If you want to calculate checksum or fingerprint based on last 10M data on the file which is OK and fast)

To create a SHA1 file, execute the following command similarly.

sha1sum datei > datei.sha1

Windows

To create an MD5 file for a file that you would like to provide for downloading, enter the following command using fciv.exe.

fciv.exe -add -md5 datei.md5

To create a SHA1 file, execute the following command similarly.

fciv.exe -add -sha1 datei.sha1

Security Instructions

MD5 is now no longer considered secure, because various file exhibiting the same MD5 checksums can be created with little effort, as has been proven.In this manner, an attacker can create an infected file, whose hash value agrees with the original checksum during the test, even though the content is different than the original file.

Progress has also be made in attacking SHA1.However, SHA1 is still not considered to have been hacked. The reason for this is that attacks on SHA1 require too much time for daily use.