Live Chat!
sha-1 checksum
October 3rd, 2007 mysurface Posted in Misc, sha1sum | Hits: 26966 |
What is sha-1 checksum? I heard about md5 checksum, did sha-1 makes any different?
Sha-1 is another algorithm that is used to verify data integrity, but MD5 uses 128bits where sha-1 uses 160 bits. Refers to the article in slashdot, title MD5 To Be Considered Harmful Someday, collision has been found in the MD5 algorithm, meaning that you may get a same md5 hash value from two different files, indicate md5 hash is no longer unique. Therefore, some of the iso downloads uses sha-1 for data integrity checksum, one of the example is Fedora 7 DVD. But do you think md5 checksum value will collides if you have done errornous download of DVD iso?
Anyway, sha1 serves as an alternatives to MD5. There exist sha-224, sha-256, sha-384, sha-512 that uses various bits of message digest for data integrity test just in case sha1 collision had been discovered someday in future.
Okay how to perform sha1 checksum?
The lines below are fedora 7 DVD iso’s Hash, indicates that they uses SHA-1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
96b13dbbc9f3bc569ddad9745f64b9cdb43ea9ae F-7-i386-DVD.iso
fc2e7ab25550afb78608c7f432d0af6c6a7b2105 F-7-i386-rescuecd.iso
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGWfrHtEJp0E8qb9IRAlKbAJ4lFgv2g1t2HHkx9qBR+MICRTjEZACeKW1G
PARJf/frcaGIB27Lw8R3Nng=
=GQMy
-----END PGP SIGNATURE-----
To perform sha1 checksum, it works similar to md5sum, kinda refers back to the examples here.
sha1sum F-7-i386-DVD.iso | grep "96b13dbbc9f3bc569ddad9745f64b9cdb43ea9ae"Copy and paste the sha1 code and paste it with grep after the pipelines, if a line has returned indicate it passes the checksum, else, too bad :( , you have to download the iso again.
April 10th, 2008 at 6:45 pm
BTW, collisions have also been found in sha1 :-)
So everyone should use at least SHA-256, or simple use a concatenation of MD5 and SHA1. (128+160=288 bits).