Creating and Comparing Hashes

This exercise complements material in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.

Here’s a simple method of using hashing to verify the integrity of a file.

Requirements: This exercise assumes you’re running a Windows system and know how to access the command line. You’ll need a copy of md5sum, which is available as a free download. Search Google with “md5sum download” if necessary to download a copy.

1. Create an empty folder on your system and name it HashExample.

2. Copy the md5sum application file into the HashExample folder.

3. Create a text file by right-clicking in the folder, and selecting New -> Text Document. Name the document hashing. It should have a .txt extension.

4. Open the text document and type Hello into it. Save and close the file.

5. Open a command line on your Windows system. Change the directory with this command: cd \hashexample

6. Run the md5sum application against your hashing.txt file with the following command:

 md5sum.exe hashing.txt

You’ll see something like this as the output:

8b1a9953c4611296a827abf8c47804d7 *hashing.txt

Don’t worry if your hash is different. The key is that you created the hash for the file. The hash is the string of 32 hexadecimal characters.

7. Run the md5sum application against your hashing.txt file again using the same command:

  md5sum.exe hashing.txt

You’ll see exactly the same output as before:

8b1a9953c4611296a827abf8c47804d7 *hashing.txt

It’s not necessary, but you can run this command 100 more times and you’ll always see the same output. As long as the original file is the same, the hash will always be the same. This verifies the file has not lost integrity.

8. Open the text file with the following command:

  notepad hashing.txt

9. Add the following phrase to the file: I can pass the Security+ exam.

10. Save and close the text file.

11. Run the md5sum application against your modified file named hashing.txt file again using the same command:

  md5sum.exe hashing.txt

You’ll see that the hash has changed. Here’s what I got on my system:

fdc31aaf2d23486d862b1e52fe32c22a *hashing.txt

It is significantly different then the original hash created in step 6.

Again, don’t worry if your hashes are different than mine. Something as simple as an extra space creates a completely different hash.

Extra Steps

Want to do this a little differently?

Instead of using md5sum to calculate the hashes, you can use the sha1sum program to calculate and compare the hashes.

Use your favorite search engine to find and download a copy of sha1sum.exe. The usage is similar to the md5sum application used in the specific steps above.

Back to SY0-501 Security+ labs.