A hash produces a fixed length output given any message and the output depends on individual bits of the data, so a change to any bit may result in change of the hash output. It is used for indexing a particular item and due to the aforementioned property it is also used for verifying the integrity of data because if a data has been changed it would not have the same hash.
/** purely informational **/
It can be produced in many ways like in sha-1 it consists of 4 levels in each level a different function is applied and 20 steps are performed in each level. A 160 bit buffer is used for storing the intermediate values, Initially the buffer contains the 5*32 register values called ABCDE. The operation is performed on 512 bit block of data. The output is produced by xoring the intial value of buffer with the value produced at the last step.
How to calculate and verify the hash ?
There are many tools available that can calculate the hash. The tool that i will be using for explanation is FCIV that can calculate both SHA-1 and MD5 hash.
You can download the tool and learn how to use it from the following link:-
after downloading the tool in a directory add it's directory to the path variable so that it can be easily called from anywhere by invoking it from the command line (for help in setting the path variable refer to this post).
When you download a file from the internet through mirrors provided by the site it may happen that the mirror that you are using may provide you an invalid version of the file which could be a virus or spyware.
To verify that the file you downloaded is the correct one you would have to perform the following steps.
- Note down the md5 hash of the file given at the site .
- Download the file.
- Open the command prompt and navigate to the directory in which you have downloaded your file. let abcd be the name of the file for which you want to generate the hash . Now to produce a hash (md5) of the file execute the following command.
FCIV -add "abcd" -md5 >hash.txt
- What the last command simply does is, it calculates the md5 hash and then redirects the output to a file hash.txt
- Now you can open the text file and compare the hash value with the value mentioned at the site. If the two values are same then file's integrity is maintained (i.e it is genuine) else you can be sure of one of the 2 things a) file was downloaded incompletely b) the file is probably a virus or malware.
Note:In the next post i will be mentioning about how to verify whether the torrents are fake or not.