How to check an MD5 hash on a fileHow to check an MD5 hash on a file

Posted January 19th, 2004 in Linux/Unix/BSD (Updated May 23rd, 2007)

MD5 is a one-way hash algorithm as defined by RFC1321 and can be used to help determine the integrity of a file by providing a 128 bit digital signature. This digital signature is like a fingerprint for a file; changing just one single byte in a file will result in a different MD5 hash.

MD5 hashes can be used to catalog files on a filesystem and then determine at a later date that the files have not been altered in any way, for example if someone broke into a system and modified system files.

They can also be used to ensure a file downloaded from a website is the same as expected. This can be especially important when downloading a file from a mirror site to ensure you are not installing a modified program which contains a trojan horse or some other nasty. By simply comparing the MD5 hash of the file you have downloaded from the mirror with that from the original website you can determine whether or not the file is exactly the same.

To check the MD5 hash on eg the /bin/ls file, you would issue the following:

/usr/bin/md5sum /bin/ls
OR
/sbin/md5 /bin/ls
OR
md5sum /bin/ls

where /usr/bin/md5sum or /sbin/md5 is the MD5 hashing program (the first is its location on RedHat 8.0 Linux and SuSE 9.0 (and probably other Linux distributions); the second is on FreeBSD 4.9). If the md5 utility is in your path then you don't need to type the full path to it (the /usr/bin part), as in the last example above. To find the location on your system try whereis md5 and whereis md5sum. The resulting output of this would be something like so:

d55769791bd4775b10febacd92552c2f   /bin/ls

A real world example of checking the MD5 hash on a file downloaded from a site, might be to download a Linux ISO image to burn to CD or DVD, for example Knoppix 5.1.1. The MD5SUMS for Knoppix 5.1.1 are as follows:

379e2f9712834c8cef3efa6912f30755 KNOPPIX_V5.1.1CD-2007-01-04-EN.iso e967af32cc5b9e7a91825877b65555a8 KNOPPIX_V5.1.1DVD-2007-01-04-EN.iso

If we downloaded the file "aKNOPPIX_V5.1.1CD-2007-01-04-EN.iso" from a local mirror, after it has completed we can run:

/usr/bin/md5sum KNOPPIX_V5.1.1CD-2007-01-04-EN.iso
OR
/sbin/md5 KNOPPIX_V5.1.1CD-2007-01-04-EN.iso
OR just
md5sum KNOPPIX_V5.1.1CD-2007-01-04-EN.iso

and compare the output with that from the Knoppix website. An even easier way to do this is to use the -c flag against the file containing the md5sum. If the md5sum for the above iso image was stored in the file KNOPPIX_V5.1.1CD-2007-01-04-EN.iso.md5 then you would issue this command:

md5sum -c KNOPPIX_V5.1.1CD-2007-01-04-EN.iso.md5

and assuming it checked ok you would see the resulting error message:

KNOPPIX_V5.1.1CD-2007-01-04-EN.iso: OK

Because it checksummed correctly you can now safely burn a CD from that image.

Related posts: