How to Determine Hashing Algorithm for SHA1, SHA256 and SHA512 Hashes on Linux

How to Determine Hashing Algorithm for SHA1, SHA256 and SHA512 Hashes on Linux


Not sure whether the 1GB file which you have just downloaded was transferred successfully without any error? Actually there is a way to check this. By using a hash algorithm that produces a fingerprint of the downloaded file, it is able to verify that the file is exactly the same as the source. Just like the human fingerprint, the resulting character string is unique and only that file would have that fingerprint. Similar to Fedora, sites that offer large downloads will publish a list of the hashes as well. To verify that the file has been downloaded correctly, all you have to do is to make sure that the hash of your files are the same as the published hash.


Although the MD5 hashing algorithm was popular in the past, it has been slowly replaced by the SHA family of hashes. One of the major problem with MD5 is the possibility to create multiple files having the same fingerprint. One popular case among cryptographers, a security researchers claimed that he can predict who would win the presidential election. To prove his point, he has created a file with the winning result in it and released the MD5 hash. Once the election is over, he would release the file to prove that his prediction was right. But the fact is, he has created several files with the candidates name in it and manipulated the file in a certain way that every file had the exact MD5 fingerprint.


There are many different Secure Hash Algorithms (SHA) like the SHA1, SHA256 and SHA512. SHA256 and SHA512 both use the same algorithm, while process the data in different sized chunks. SHA256 uses 32 bit blocks and SHA512 uses 64 bit blocks.


SHA1 is close to MD5 with some concerns about the uniqueness of the resulting hashes and thus, it is not approved for many cryptographic uses since 2010. However if you find a site which publishes SHA1 hashes, you can verify them like this:

  • sha1sum Fedora-19-i386-netinst.iso

The output will be shown as below:

  • cf23df2207d99a74fbe169e3eba035e633b65d94 Fedora-19-i386-netinst.iso


SHA256 hashes are generated using the same way:

  • sha256 Fedora-19-i386-netinst.iso

And the result is similar, except the fingerprint string is longer:

  • 3a96b9feb1e7d869ed98b101a2e5cc5169e9f8d348712c1fb56196f877e23b8e Fedora-19-i386-netinst.iso


Same goes for SHA512:

  • sha512sum Fedora-19-i386-netinst.iso

The fingerprint will be even longer:

  • 4f2f1e1863c243fea1dd7082006256211b16d0cb747968cd03ab77abc8f2a01b5c0cac7d9ca078e73d2dadf41959ff9cd2b1b8373dec803ab5967f007b19a5aa Fedora-19-i386-netinst.iso


Rather than just publishing the fingerprint string in isolation, some sites show a checksum file that contains all the hash detail in a machine readable form that the various sha commands can use to verify files. A checksum file for the net install 32 bit Intel version of Fedora 19 might look like following:

  • 3a96b9feb1e7d869ed98b101a2e5cc5169e9f8d348712c1fb56196f877e23b8e Fedora-19-i386-netinst.iso


To check this use the -c parameter like this:

  • sha256sum -c Fedora-19-i386-CHECKSUM

Where Fedora-19-i386-CHECKSUM is the name of the file containing the fingerprint information as shown above.


If everything is right, then the output will look like this:

  • Fedora-19-i386-netinst.iso: OK


In case there is some error in the downloaded file, the output will show:

  • Fedora-19-i386-netinst.iso: FAILED

sha256sum: WARNING: 1 computed checksum did NOT match


Your Linux distribution also consists of sha224 and sha384 commands. These two hash algorithms are truncated versions of SHA256 and SHA512. They can be used in exactly the same way as the sha256 and sha512 commands. Try producing hashes uses and notice the differences in the output.

Did you remember to share this with your friends?