Task 7.10: Validating Downloads and Checking the Hash
There is more to security than moving files over an encrypted channel. You also need to have a means of verifying the integrity of the files and information transmitted. This is the purpose of a hash. Hashes are used to check authentication and message integrity.
Scenario
Your organization will soon start posting code and applications on its SFTP site for its partners in India. You have been asked to develop a method to verify the integrity of these files and prove they remain intact.
Scope of Task
Duration
This task should take about 10 minutes.
Setup
For this task, you’ll need a Windows computer, access to the Administrator account, and an Internet connection. You must also have completed Task 7.9.
Caveat
Hashing algorithms only verify integrity and authentication. They cannot provide confidentiality or protect information from changes. They only have the ability to detect change.
Procedure
In this task, you will learn how to use the md5sum application.
Equipment Used
For this task, you must have:
- A Windows XP, Windows Vista, or Windows 7 computer
- Access to the Administrator account
- An Internet connection
Details
This task will show you how hashing algorithms are used to ensure integrity and prove that a program remains unchanged.
Using Hashing Algorithms
1. Download the Windows version of md5sum from http://etree.org/md5com.html. It is a command-line program that you should install in the root of the C: drive.
The MD5 hashing algorithm is based on RFC 1321. It has been used as the basis to create md5sum and several similar programs. md5sum is one of the most widely used checksum algorithms today. It was created by Ron Rivest and published in 1992. It is available for both Unix and Windows platforms.
2. After saving md5sum to the C: drive, create a text file there named demo.txt. Add to the file a line of text such as Hello World!.
3. Open a command prompt and change to the C directory.
4. Enter md5sum demo.txt at the command-line prompt. Your output should look similar to this:
C:>md5sum demo.txt
3579c8da7f1e0ad94656e76c886e5125 *demo.txt
5. Notice the string of numbers; that is the MD5 hashed value. If you record this value, you can use it to compare later and detect whether any changes to the file have been made.
6. To better understand how hashing works, you should now change the filename to demo2.txt.
7. With the filename changed, rerun md5sum and compare the results to those you got earlier:
C:>md5sum demo2.txt
3579c8da7f1e0ad94656e76c886e5125 *demo2.txt
8. Notice how the two values are the same. This demonstrates that hashing algorithms do not care about filenames.
9. Edit the demo2.txt file and change the text inside to It’s a cold cruel World!.
10. Enter md5sum demo2.txt at the command-line prompt. Your output should look similar to this:
C:>md5sum demo2.txt
863433c5ba2f0c83c23810fa48ad6459 *demo2.txt
11. As you can see, the MD5 value has changed. Hashing sums are changed when the contents of a file are changed. They are unaffected by changes in the file date and filename.
Comparing the Hash of a Known File
1. In Task 7.9, you downloaded the WinSCP program. Go to the folder in which it was installed and run md5sum against the WINSCPsetup.exe file:
C:>WINSCPmd5sum WINSCPsetup.exe
3bb053732844b7cac6a856ac06dab642 *WINSCPsetup.exe
2. Now go to the WinSCP web page at http://winscp.net/download/winscp427release_notes.txt and observe the listed md5sum that is posted.
3. Notice that these two values match. This verifies that the file you downloaded and installed is in fact intact and remains unchanged. This same feature could be used on your own SFTP site to capture the integrity of files and assure users that the files are correct and unchanged.
Tripwire is another well-known file-integrity program. It can perform hashing on files, folders, and even complete drives to track changes or violations in integrity.
Criteria for Completion
You have completed this task when you have created a text file, verified its integrity, and downloaded a second file and compared its md5sum to one posted on the creator’s website.