Tag Archives: verify

sha* (with sha1pass and shasum): Sha-sha-sha

I mentioned md5sum a long, long time ago, and now I feel obligated to include the sha* suite. I think this might be where the free ride ends for checksum generators though. Here’s why:

2014-09-18-6m47421-sha256sum

That’s it, that’s basically all it does. Of course, it’s not like md5sum did much more. You can use this in much the same way as md5sum — checking file integrity where the publisher has a sum available to match, or as a fingerprinting utility where there was an intermediary in the transfer.

I wanted to point out that the sha* binaries are part of coreutils, but my Arch system has two other sha* programs: sha1pass, installed as part of syslinux, and shasum, which came with perl.

I can’t speak for either of those last programs, since I’m not sure what their original intent was. I have a feeling sha1pass works with passwords and encryption, while shasum appears to be a frontend for the sha* binaries. If you use sha* enough, shasum might be helpful.

But that’s why I said the gravy train might be pulling into the station for checksum generators: They have a very slim and specific function. And what I’ve seen of a few other checksum generators suggests that’s all they’re meant to do. :\

md5sum: md5sum is … md5sum

I have to include m5sum in this little venture, not because it has a rabid fan base, but because … well, because md5sum is md5sum.

2014-01-07-lv-r1fz6-md5sum

To the best of my knowledge, that’s all it does. It does have a few flags that are available, but nothing that seems to deviate wildly from what you see above.

For my own part I generally only use md5sum when I need to verify that files were transferred correctly. This could be a download, which is what most people probably use md5sum for.

But I have also fallen back to md5sum in the past, to check that files were copied accurately.

It’s probably not the best tool for that job (I think there are some specific tools to check for errors in transfer) but it’s usually quick and correct. And easy to spot a difference without needing to skim through every line of a file.

I have heard of people using md5sum as a kind of fingerprinting tool in the same way, to see if a file was retouched by an intermediary.

If I remember right, in that case someone had uploaded a file to a hosting service, and another person downloaded it, then checked the md5sums on both sides to see if the host had watermarked or tampered with the contents.

Right or wrong, I think it led to the conclusion that the host was adding to exif data at some point. My memory is a little foggy here; this was from years back.

The point of all this is, md5sum may not look like much, but like so many tools it all depends on how you put it to use. 😉

P.S.: Another jewel from coreutils.