How is it possible to easily know if the file I am receiving is legitimate? Is it possible to know if it has been corrupted while downloading it from the Internet? Yes, it is possible through its hash. Indeed, it works as an identification code of the data we are working with. If a certain source data is altered, this alphanumeric output code is completely altered. Below, we show you everything you need to know. In addition to the recommended tools to generate hashes when you need them. In the following lines, we will describe how to check the integrity of files with the hash.
What is a hash, and what is it for?
A hash is a cryptographic function that works only in one direction. That is, it is a mathematical algorithm that transforms any input block of data into a new series of output characters with a fixed or variable length. Therefore, a hash function is the result of a function that is responsible for converting one value into another. A significant detail is that hashes generally provide a fixed-length output. However, there are hash algorithms that are specifically designed to protect passwords. Consequently, in this case, the length of the output is variable.
One of the main purposes of such a hash function is to be able to check whether a file has been modified or not. The hash fingerprint of each file is unique. The hash actually generates a kind of code that serves as an identification of the data in question. In addition, with the hash of a given file, the original file cannot be recovered. For this reason, a good security practice is to store password hashes in databases. This way, no one can obtain the information in plain text. However, to crack this hash, what is done is to try thousands of combinations. It then proceeds to compare whether the hashes are the same.
Some uses of hashing
Hashes have many uses, such as the following:
- Check the integrity of a file: The first thing to do is to hash a file. Then we copy it to another computer or anywhere else. Then, if you hash this copied file again, you should get the same result as the original hash function. As soon as a bit of changes in a file, the output of the hash we have used is entirely different. For this reason, hashing is essential in secure encryption protocols such as HTTPS or FTPES. In fact, it verifies that the data has not undergone any change in the communication. Hashes are also widely used in the world of computer forensics. In fact, they allow the chain of custody of a hard disk or a disk image to be properly performed, and to ensure that none of the content has been modified.
- Store passwords securely: Simply hash a password. Then we store the result of this hash function in a database. Consequently, if an attacker accesses this database, he will not be able to recover the password. We must remember that hash functions only go one way. Therefore, it is not possible to “reverse” a hash function. Consequently, if a cybercriminal wants to crack the password, he will have to do a brute force and dictionary attack. So that he can compare the hash of each tested password with the password he got in the leak.
As you can see, hash functions are significant in the world of computer and network security. In fact, it allows you to check the integrity of transmitted data, not just data stored on a hard disk or SSD. Next, we will show you how to check the integrity of a file using different hashing algorithms.
SHA algorithms
SHA stands for Secure Hash Algorithm. It was developed by NIST, the National Institute for Standards and Technology. It is one of the most popular standardized algorithms today. One of the advantages is that at the slightest change in data integrity, the hash changes completely. SHA2-256, for example, is a standard that is being used nationally in the United States. Moreover, it is currently considered secure. It is called SHA2-256 because the hash it generates is 256 bits long.
Not only can you count on SHA2-256 hashes and other standards to check the integrity of files. The one we mentioned also has application in popular authentication and encryption protocols: SSL, TLS, IPSec, SSH and PGP. On the other hand, this algorithm is used to hash passwords, and store the hash and not the password in clear text. Especially on Linux and other operating systems, as well as in applications that store passwords in a database. The popular cryptocurrency Bitcoin uses this algorithm to verify every transaction in its network.
Tools to generate hashes online
Now that we have a clearer picture of what a hash is and what it is for, you can try some of the tools that generate hashes. This is the primary thing to do to check the integrity of the data you want. This way, you can easily check the integrity of the data you are working with.
- File Checksum: It is a simple web tool that allows the generation of hashes. You only need to drag the file from the location where it is, to the website. Or, you can click on the box where it says, Drop File Here and upload the file. Not only can you generate hashes in SHA2-256, but also with other hash functions that exist. Specifically, 29 hash algorithms for both File and Plain Text Hashes. An important advantage is that you don’t need to register, just log in, and you can use it.
- HTML5 File Hash Online Calculator: This is another website that does not require prior registration to generate file hashes. The algorithms it supports are MD5, SHA-1, SHA-256, SHA-384 and SHA-512. It also has an algorithm that is described as the fastest implementation of SHA algorithms (WebCryptoAPI). In fact, it is applicable for files weighing less than 512 GB.
- Defuse Online Text & File Checksum Calculator: Another tool you can find on the Internet to generate hashes. It supports ASCII or UNICODE text. Regarding files, it has no format limitations, but it does have size limitations (5 MB). One of its advantages is that neither the data nor the generated hashes are stored on the site’s server.
Programs to generate hashes (free)
There are not only web solutions for this purpose, but also executable programs that are usually effortless to use. In addition to the fact that downloading and installation is free of charge:
- HashMyFiles: It is a portable program that allows the generation of hashes in massive form. That is, you can select more than one file at a time so that it can generate hashes for each one. It supports SHA (all variants) and CRC32 algorithms. It is possible to create access to HashMyFiles in the context menu. Consequently, every time you select files or even folders, you can count on this program to import them into it and create hashes. It is compatible with Windows from version 2000 onwards.
- QuickHash: It is a multiplatform open-source program (available for Windows, Mac, and Linux). It is also characterized as one of the most complete solutions. Although it only supports popular algorithms such as MD5 and SHA2-256, it has particularities such as generating hash to an entire folder. It also allows you to compare two files, directories and even an entire storage disk. In case you need to hash the entire contents of a document, line by line, this application can do it.
Other programs
- MultiHasher: This is another super compact and easy to use tool. It specializes in generating hashes massively, by folders and subfolders. It can even indicate the path of what we want to generate. Furthermore, it supports all known algorithms.
- MD5 & SHA Checksum Utility: It is a free software that generates SHA-512, SHA-1, MD5, SHA-256 hash types from a given file. It also verifies the integrity of the file. For hash verification, or to generate a hash, you must select the desired file. Then select one of these two hashes, SHA-1 or MD5. Subsequently, you must click verify or copy to verify the integrity of the file or generate the hash.
Very well, in this way we have seen How to check the integrity of files with the hash. Bye!
