Linux Tutorial for Beginners - 9 - Verify Files Using Checksum

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

alright guys welcome back in in this video I am going to show you how to verify the checksum of a file using a hash if you guys are like mmm no idea what any of that means don't care probably don't need it going on to the next video well hold on let me explain exactly what that means so what we're going to be doing is whenever you go on the internet and find some file that you want to download you click download and then you take whatever files on their server and you're pretty much bringing it on to your own personal local machine your own computer so what we're going to do is we're going to verify that the file that we wanted was actually the file that we got um that's not really makes sense I mean you go get a file download it and it's always the same one right well there are a lot of attacks nowadays and let's say that there was some kind of hacker who was send in between the server and your own computer well what they could do is they could see that you're downloading a file and instead of giving you the file that you wanted whether it was an mp3 a video a zip file what they could do is they could send you a malicious file with you know some virus instead or let's say that someone wanted to spy on you they could send you you know a program just like it but it could have a backdoor in it so they could you know snoop on your traffic whatever all right well that doesn't sound good so how can we verify that this file that we actually wanted in this example I'm just using raspberry pi and this is just because you know I just wanted to find some small file that I could download for this tutorial but you guys notice these or you're going to start noticing them now that you know what they are on pretty much every you know important file that you can download off the internet alright so that sounds pretty cool I want to verify that I got the right file how do we do it well we're going to do it using this thing and this is called a hash and there are a bunch of different types of hashes or hashing algorithms and I won't get into the real specifics of how they work because they all work a little bit different but basically a hash or this long number right here is a way that you can take some data and turn it into a specific number now this formula it only works one way so whenever you take this file for example and you run it through this formula it's always going to give you this number if you do it in a year it's still going to give you this number if you make any changes to this file and run it through the same formula this number is going to be completely different so that way what we can do is we can download this file run it through the formula on our own computer and make sure that we end up with this number right here and if we do then we know that this is the verified version of the file if anyone messed with it then like I said we're going to get something else so I already download this before this tutorial so what I'm going to do is just pop open my terminal and switch my profile all right I also made my background my terminal kind of transparent so uh you know you guys can kind of see the files and let me actually change it so it's a little so you guys can see the actual files behind it I think it looks pretty cool too all right so what we want to do is this file that we downloaded we want to check and make sure that we end up with this number as a result so what I can do is let me just alright so right now I'm in my home and I want to move to my downloads just because that's where the file is and we can see that this is the file that we just downloaded is just a zip file but it can be any type of file um you know just so I so whatever so what we wanted to do is you want to run it through some kind of hashing algorithm and the hashing algorithm in this case that Raspberry Pi used is sha-1 so this is like the easiest thing ever if you just type sha-1 some that's what algorithm you're going to use in after this just type the name of the file in the name of my file is n oo and if you just start typing it and you hit tab then a Mbutu is going to figure out what you're trying to type and hit enter so when we took this file on our own computer noobs light and we were running it through this algorithm this formula we ended up with this value e140 five three all right let's look on the website e one four zero five three all right it looks it looks like it's the right number but um and most of the time you can just like look at this and maybe write it down or compare it you know read them one by one but if you guys want a real quick way to um you know just compare them if you're too lazy to actually read the whole thing then what you can do is you can just select this and copy it so you know that this is the verified hash and then whenever you type your program again instead of just running it and outputting it what you can do is use the pipe symbol and if you hold shift above enter on your keyboard that little up-and-down thing that's the pipe symbol and you can type gr e P and then let me just do this visually so you guys can see pasted in the hash from the website now this is going to do is it's going to run the same formula before on our own local file but it's going to compare this again grep means that you can pattern match using regular expressions so what you're pretty much saying is does this match this from the website hit enter and if it's red it means that it does match pretty sweet now I'll show you guys what happens when it doesn't so I'm going to run this again but let's say that the verified arm hash we knew instead of this being an a I'm going to change this to B so now whenever you run this hashing algorithm or the formula on our computer it's going to end up different than the verified version so I'm going to hit enter and you see we didn't get that red output so it's kind of you know counterintuitive because red is actually a good thing something that you want to see so yeah there you go so whenever you download a file from the internet if you want to make sure it's valid then run the hashing algorithm on it so she'll want some and there's also like md5 some sha-256 some you're going to tell you what algorithm to use on the website match them and as long as it red it's red then you got the verified version now the last thing i want to talk about before i got let you guys go and guys don't have to type anything else is re how do I know that someone just didn't hack this website and um you know or maybe there's a virus on my computer that whenever I go to this website it's going to give me a fake hash and the fake file well then I'm kind of screwed because re I'm checking it and it's saying it's verified but you know maybe someone on my computer is just tweaking with what I see well for that what you can do is if you want to be like extra safe then shut off the Wi-Fi on your phone and just connect to the 4G network and view the same website so whenever I view this from my phone using 4G opening an entirely different device and network then make sure it says the same thing also um you know maybe go to one of your friends house or ask them to go to this website and read back the Elgar it or excuse me read back the hash value and once you do that then you can see that okay this is the actual hash make sure that you're on the right website of course and it's good to go so you know it sucks that I even have to teach you guys this because you know it's kind of crappy that people do this and put backdoors and software and there are people sitting in the middle you know manipulating your fire your files but now you guys will be knowledgeable good to go safe thank you guys for watching see you next time

Info

Channel: thenewboston

Views: 140,128

Rating: undefined out of 5

Keywords: linux, tutorial, beginners, operating, system, command, line, ubuntu, mint, terminal, series, advanced, centos, full, 2015, 2016

Id: pYNuKXjcriM

Channel Id: undefined

Length: 8min 2sec (482 seconds)

Published: Tue Aug 11 2015