3. Cryptographic Hashes

We are now on step 3 and your 1st screenshots will take place in this LL component.

1. Install or setup your VM on your host system/OS.  

2.  Download Ubuntu

3. Verify the the Ubuntu download’s MD5 Hash

4. Install the guest Ubuntu OS in your VM

5. Explore your new VM

 

Cryptographic Hashes (MD5/SHA1SUM) in Forensics and Data Validation

As information… since I never miss a chance to add an important skill … :), cryptographic hashes are used in both security (Linux Password File Encryption) and to verify data integrity.  This is one of the tools used in computer forensics as investigators will take a hash of the hard drive to serve as a fingerprint that verifies the integrity serving as a basis for the chain of custody.  So if you are ever a manager and you suspect foul play, the first step of proper law enforcement is to get a hash of the harddrive/USB drive/etc.  Do not just begin poking around as you will corrupt the chain of evidence and invalidate any case you have. We have seen this as every file/directory has a modify bit (go back to files and review if necessary).  If you touch a file (just by viewing it) you have corrupted the evidence and it is no longer admissible in court unless you can prove it is in its original state (hence the MD5 fingerprint).

Now MD5 & SHA Hash Functions/Cryptographic hashes also allow you to confirm the integrity of the files you download. This is important since the most common cause of malfunctioning installations and errant behavior is a result of incomplete/incorrect downloads and we will do this from this point forward.

The md5sum and sha1 hash algorithms take a file as input and produce as output a message digest of the input, which is a highly unique fingerprint. This enables you to verify that your downloaded files are unaltered from the original.  If your calculated hash matches the message digest we provide, you are assured that the file was downloaded intact.

The SHA hash functions are a set of cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard.   SHA stands for Secure Hash Algorithm. sha-1 and MD5 utilities are available for Windows and Linux and Mac.   Most Linux installations provide a sha1sum command for sha-1 hashes and a md5sum command for calculating MD5 message digests.

MD5 Ubuntu Download Verification

Note I will describe my application of MD5 but you will find SHA-1 hashes and their use is nearly identical.  A quick description of their similarity and use is here.

Mac OS: MD5 verification is straightforward on the Mac and its Linux/Unix kernel as this is a core component of the OS’s functionality.  As background, please read Apple’s documentation, How to Verify a SHA-1 Digest: http://support.apple.com/kb/HT1652.

MD5 generation: In Finder, browse to /Applications/Utilities.  Double-click on the Terminal icon.  A Terminal window will appear.  In the Terminal window, type: “openssl md5 ” (md5 followed by a space).  Drag the downloaded file .iso from the Finder (desktop)  into the Terminal window.   Click in the Terminal window, press the Return key, and compare the checksum displayed to the screen to the one on the download page. Instructions on checking an sha-1 checksum on a Mac:

SHA-1 generation: In Finder, browse to /Applications/Utilities. Double-click on the Terminal icon. A Terminal window will appear.  In the Terminal window, type: “openssl sha1 ” (sha1 followed by a space). Drag the downloaded file from the Finder into the Terminal window. Click in the Terminal window, press the Return key, and compare the checksum displayed to the screen to the one on VMware’s download page.

Now I tend to do everything from the command line without dragging and dropping so I did the following.

I opened the terminal and issued the following command in the Mac OSX terminal after downloading the 12.04 LTS .iso to my desktop and navigating to the desktop directory in Terminal (perform a ls to see where you are and then probably cd desktop).

$md5 ubuntu-12.04.2-desktop-i386.iso

This returns: MD5 (/Users/jameslooby/Desktop/ubuntu-12.04.2-desktop-i386.iso) = 90a4c7bd3901cd980cd4b48198e84eb1

I then check this against the Ubuntu MD5 Hashes located here and note you will have to find your downloaded version on this page: https://help.ubuntu.com/community/UbuntuHashes

My MD5: 90a4c7bd3901cd980cd4b48198e84eb1

Ubuntu MD5:90a4c7bd3901cd980cd4b48198e84eb1

Windows OS 

Windows does not provide a built-in utility for generating MD5 Hash values. The two options are a command line verifier or a graphical verifier.  Of course the graphical verifier is easier but you may choose which one you would like to use.

Command Line (cmd.exe) Verification:  The File Checksum Integrity Verifier (FCIV) can be used on Windows based products to verify both MD5 and SHA-1 values. Please see http://support.microsoft.com/kb/841290 for details on FCIV which is a command line utility (i.e. cmd.exe).   Another command line Windows MD5 utility is  MD5: Command Line Message Digest Utility.  http://www.fourmilab.ch/md5/

Graphical Verification: WinMD5 is a nice utility and can be downloaded from here: http://www.winmd5.com/  Simply download the file, extract the executable and run the .exe.  It is intuitive as you simply browse to your downloaded .iso on your desktop.

Once you compute your MD5 you will need to verify it against the Ubuntu MD5 Hashes located here and note you will have to find your downloaded version on this page: https://help.ubuntu.com/community/UbuntuHashes

Exercise 10.3 – MD5 Verification

Compute the MD5 Hash of your Ubuntu Download and contrast this with the appropriate MD5 Hash on: http://releases.ubuntu.com/12.04/  Take a screenshot and paste both the screenshot and the correct hash in your LL10 pdf labeling this item “MD5 Verification”.  Note you will add more screenshots to this submission pdf file in the next section so you will be submitting a single pdf document.

Leave a Reply