Creating and Comparing Hashes

This exercise complements material in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.

Here’s a simple method of using hashing to verify the integrity of a file.

Requirements: This exercise assumes you’re running a Windows system and know how to access the command line. You’ll need a copy of md5sum, which is available as a free download. Search Google with “md5sum download” if necessary to download a copy.

1. Create an empty folder on your system and name it HashExample.

2. Copy the md5sum application file into the HashExample folder.

3. Create a text file by right-clicking in the folder, and selecting New -> Text Document. Name the document hashing. It should have a .txt extension.

4. Open the text document and type Hello into it. Save and close the file.

5. Open a command line on your Windows system. Change the directory with this command: cd \hashexample

6. Run the md5sum application against your hashing.txt file with the following command:

 md5sum.exe hashing.txt

You’ll see something like this as the output:

8b1a9953c4611296a827abf8c47804d7 *hashing.txt

Don’t worry if your hash is different. The key is that you created the hash for the file. The hash is the string of 32 hexadecimal characters.

7. Run the md5sum application against your hashing.txt file again using the same command:

  md5sum.exe hashing.txt

You’ll see exactly the same output as before:

8b1a9953c4611296a827abf8c47804d7 *hashing.txt

It’s not necessary, but you can run this command 100 more times and you’ll always see the same output. As long as the original file is the same, the hash will always be the same. This verifies the file has not lost integrity.

8. Open the text file with the following command:

  notepad hashing.txt

9. Add the following phrase to the file: I can pass the Security+ exam.

10. Save and close the text file.

11. Run the md5sum application against your modified file named hashing.txt file again using the same command:

  md5sum.exe hashing.txt

You’ll see that the hash has changed. Here’s what I got on my system:

fdc31aaf2d23486d862b1e52fe32c22a *hashing.txt

It is significantly different then the original hash created in step 6.

Again, don’t worry if your hashes are different than mine. Something as simple as an extra space creates a completely different hash.

Back to Security+ labs

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.  This excerpt includes the introduction and Chapter 1.

You have Successfully Subscribed!

Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.