Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Verifying checksums in terminal...


  • Please log in to reply
48 replies to this topic

#1 66Batmobile

66Batmobile

  • Members
  • 353 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State of Denial
  • Local time:01:31 PM

Posted 02 April 2016 - 09:27 PM

I guess this is in the right place/if not please move accordingly.

 

Does anyone know if a burned installation disc can only be verified while using the operating system it was downloaded/burned on?

 

I'll try to keep this short.  I'm currently dual booting Mint/Ubuntu.  I have the following installation media:

 

-Ubuntu 14.04 dvd-rw/made on this machine when running W7.  Didn't know about the need to verify

 

-Mint 17.2 dvd-r/made on this machine when running Ubuntu.  Verified md5sum at the time.

 

Not long after I set up the current configuration, I was reading a few of the other installation topics and saw a few indications that using DVD-RW may not be a good idea for installation media (it was all I had at the time). 

 

Anyway, today I downloaded/burned another Ubuntu iso while running mint/was able to verify md5 and sha256 in terminal using these commands:

 

dd if=/dev/cdrom bs=**** cs=**** | md5sum

 

sha256sum /dev/cdrom

 

I then tried the same thing with the old discs for peace of mind and got "input/output" error messages for both.

On a hunch I booted into Ubuntu and tried again.  This time the old Mint disc checked out, but both the old and new Ubuntu ones came back with the same error.

 

The only reason I'm asking is to find out if I should think about removing the current ubuntu partition and re-install using the new media. 

 

Thanks in advance.

 

Edit-BTW-Please let me know if I need to clarify anything/I proofread this post 10 times and I'm not sure I understand it.


Edited by 66Batmobile, 02 April 2016 - 09:29 PM.

Whatever it was...I didn't do it!


BC AdBot (Login to Remove)

 


#2 pcpunk

pcpunk

  • Members
  • 6,090 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:31 PM

Posted 02 April 2016 - 10:44 PM

Not sure if you can verify the DVD without Booting it, but would think this is possible.  I'll look into it if you like, or someone else will be along.

 

In Mint and Ubuntu you can verify by ISO by using GtkHash, if it's not installed in Ubuntu Install it from the Ubuntu Software Center.  I don't use the command, so you are doing very good with that.

 

Always Check "Verify" when you are burning the DVD.

 

It's not the best practice to use RW, but I believe you can Finalize the DVD in some software burners if you like.

 

Maybe you would like to tell us which Burners you used on the two machines to find out if they include a Finalize Option.

 

Now that you want to Verify the DVD Integrity in Ubuntu you can follow these directions.

https://help.ubuntu.com/community/Installation/CDIntegrityCheck?action=show&redirect=CDIntegrityCheck

 

Here are some directions for Mint:

https://sites.google.com/site/easylinuxtipsproject/burn-mint

 

pcpunk


Edited by pcpunk, 02 April 2016 - 10:48 PM.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#3 66Batmobile

66Batmobile
  • Topic Starter

  • Members
  • 353 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State of Denial
  • Local time:01:31 PM

Posted 02 April 2016 - 11:35 PM

Thanks for the reply pcpunk :thumbup2:

 

To clarify, this is all on the same machine-it came with W7, I removed that for Ubuntu, removed that for Mint, then added Ubuntu back for dual boot as described.

 

It's not the best practice to use RW, but I believe you can Finalize the DVD in some software burners if you like.

 

I'm 99% sure I finalized the Ubuntu RW Disc.  That one was burned when i had W7 installed, but I didn't know that one should check the hashes.  When I read the references to not using RW as such, I wanted to check it out. 

 

As far as the Mint disc, that one was burned when I had only Ubuntu installed, and I did check the md5 at that time, using the dd terminal command listed in the first post, and it checked out, so I'm not really worried about that one, other than I couldn't check it now, in the installed Mint partition.  Switch over to the Ubuntu partition and it checks out fine.  The Ubuntu RW disk gives the errors described when I try to check it in either partition.

 

Thanks for the links, I may try the integrity check before I turn in.

 

As I said previously, I am cautious to a fault at times, so I'm just trying to cover all the bases.  Thanks again :thumbup2:


Whatever it was...I didn't do it!


#4 mremski

mremski

  • Members
  • 498 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NH
  • Local time:01:31 PM

Posted 03 April 2016 - 01:50 AM

Checksumming simply takes a bag of bits as input, does some math and gives you a number.  That's all it does.   Where you get the bag of bits to feed the math, is all up to up.

 

That's a "try to be funny" way of saying, as long as the checksum algorithm is implemented correctly, it should not matter what OS you are running it on or what OS you created the input on.

(Side note:  it strikes me odd that a DVD-RW would be considered "not a good idea" for installation media.  I've been doing that for a long time).

 

Trying to get at the raw input on a DVD/CDROM may be a little difficult, especially if it gets automounted.  You may need to become superuser/sudo in order to get access to the character device:  /dev/cdrom is typically a symlink to some other /dev item that represents the real device (in a terminal, ls -ltr | grep cdrom to find out).

 

"finalizing" a DVD/CDROM is always a good idea, it writes extra stuff that makes the disc compatible with different systems.  The rub is this puts extra stuff on the disc so your checksums may not match.

 

So what I do, is download the ISO and checksum that.  This verifies your download was correct.  Good security practice to get the checksum from different sites if possible.

Whatever tool you use to burn should have a Verify option that will verify the disc after it has been burned;  that is the best time to check the disc was created correctly.


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#5 Guest_hollowface_*

Guest_hollowface_*

  • Guests
  • OFFLINE
  •  

Posted 03 April 2016 - 03:26 PM

@66Batmobile

 

 

Does anyone know if a burned installation disc can only be verified while using the operating system it was downloaded/burned on?

-REF:http://www.bleepingcomputer.com/forums/t/609979/verifying-checksums-in-terminal/#entry3971584

It doesn't matter which OS you use, because the disc's contents are not subjective.
 

 

Verified md5sum at the time.

-REF:http://www.bleepingcomputer.com/forums/t/609979/verifying-checksums-in-terminal/#entry3971584

 

As of 2010, the CMU Software Engineering Institute considers MD5 "cryptographically broken and unsuitable for further use", and most U.S. government applications now require the SHA-2 family of hash functions.

-REF:https://en.wikipedia.org/wiki/MD5

I would suggest using SHA-256 over MD5 when possible as MD5 has known collisions. As a former standard, it is still widely provided, as is SHA-1, but SHA-2 is the new standard, in particular SHA-256. Personally I tend to use SHA-512, but people rarely ever provide SHA-512 checksums so I end up using SHA-256 alot. I would like to start using SHA-3, but none of the tools I currently use support it. :(
 

 

got "input/output" error messages

-REF:http://www.bleepingcomputer.com/forums/t/609979/verifying-checksums-in-terminal/#entry3971584

I suspect you were hashing a device that didn't exist. You can use blkid to determine which device your DVD drive is. It will output a list, and the labels should help you figure out which one is the DVD. For example, my Ubuntu disc has the label "Ubuntu 14.04 LTS amd64", and using that I know my DVD device is "/dev/sr0".

Steps:
1. In terminal type:

sudo blkid

2. Look through blkid output to determine which device is the DVD drive (eg: /dev/sr0).
 

 

I'm 99% sure I finalized the Ubuntu RW Disc

-REF:http://www.bleepingcomputer.com/forums/t/609979/verifying-checksums-in-terminal/#entry3971630

Keep in mind that some burning tools add padding, and if you finalize a disc you've essentially done the same, which means you must hash only part of the disc, or the padding will cause you to get a different checksum than expected. You can accomplish this by determing the size of the original ISO used to create the disc.

Steps:
1. In terminal type:

wc -c /directory/file.iso

Substitute "/directory/file.iso" with the path to and filename of the ISO you are hashing. This will tell you the size of the ISO. You need to know this so you know how much of the device to hash.
2. In terminal type:

head -c SIZEOFISO /dev/sr# | sha256sum

Substitute "/dev/sr#" for your DVD drive. Substitute "SIZEOFISO" for the size of the ISO. This will hash only the part of the DVD expected to match the ISO.

@mremski

 

it strikes me odd that a DVD-RW would be considered "not a good idea" for installation media.

-REF:http://www.bleepingcomputer.com/forums/t/609979/verifying-checksums-in-terminal/#entry3971685

I wouldn't describe re-writable discs as unsafe. I use DVD+RW quite often. I only use DVD-R for discs I intend to keep long term. DVD-R is the safest DVD media, because once you burn it, and finalize it you've got a DVD-ROM (Read Only Media). Using read-only media adds a level of physical protection against malware, and user-error. For that reason I would recommend using DVD-R over any other type of DVD when planning to use portable distros (eg: Puppy Linux, Knoppix, etc) or when using distros like Ubuntu in try-mode for the same purpose. But I don't think it matters that much. Re-writable DVD media are still safer than using a flashdrive. Not that I would describe flashdrives as unsafe either. All boils down to how much the user cares I think.

 


Edited by hollowface, 03 April 2016 - 03:27 PM.


#6 pcpunk

pcpunk

  • Members
  • 6,090 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida

Posted 03 April 2016 - 03:28 PM

(Side note:  it strikes me odd that a DVD-RW would be considered "not a good idea" for installation media.  I've been doing that for a long time).

 

Should have mentioned that.  I also have used them many times, still have them and rewrite them if needed.  Just thought I would mention it because some do believe not to use them.

 

Here is a quote from the Mint User Guide

 

"Now that you have checked the ISO file with MD5, you are ready to burn it to a DVD.

Get a blank DVD-R (a DVD-RW should work as well, but this type of media is known to
have compatibility issues) and your favorite marker and label the DVD. Although
labeling your DVDs sounds trivial, you should be sure to do so, as you can easily end up
with 20 unlabeled and unidentifiable discs on your desk."

Edited by pcpunk, 03 April 2016 - 03:29 PM.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#7 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:01:31 PM

Posted 03 April 2016 - 05:08 PM

 

So what I do, is download the ISO and checksum that.  This verifies your download was correct.  Good security practice to get the checksum from different sites if possible.

Whatever tool you use to burn should have a Verify option that will verify the disc after it has been burned;  that is the best time to check the disc was created correctly.

 

+1 exactly what i was going to post. :thumbsup2:


rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#8 66Batmobile

66Batmobile
  • Topic Starter

  • Members
  • 353 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State of Denial
  • Local time:12:31 PM

Posted 03 April 2016 - 07:51 PM

Thanks for the input everyone.  I believe I figured it out.

 

I tried the discs again (while running my Mint partition) and got the sha256 for each one to read/they checked out correctly.  Used this terminal command from Ubuntu's help page:

 

sha256sum /dev/cdrom

 

The only thing I did differently was to open the "disks" utility, select the DVD drive, and make sure the dvd's were unmounted before running the command.

 

I appreciate the tips.  They should come in handy.  Apologies for making a mountain out of this molehill :whistle:


Whatever it was...I didn't do it!


#9 pcpunk

pcpunk

  • Members
  • 6,090 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:31 PM

Posted 03 April 2016 - 08:57 PM

 

The only thing I did differently was to open the "disks" utility, select the DVD drive, and make sure the dvd's were unmounted before running the command.

Good job!


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#10 66Batmobile

66Batmobile
  • Topic Starter

  • Members
  • 353 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State of Denial
  • Local time:01:31 PM

Posted 03 April 2016 - 09:57 PM

@pcpunk

 

Thanks.  I just hope I wasn't wasting anyones time.


Whatever it was...I didn't do it!


#11 Guest_hollowface_*

Guest_hollowface_*

  • Guests
  • OFFLINE
  •  

Posted 03 April 2016 - 11:34 PM

 I just hope I wasn't wasting anyones time.

 

Not at all. Glad you got everything sorted out.



#12 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:31 PM

Posted 04 April 2016 - 12:45 AM

Glad to hear things turned out well! :thumbup2:

 

 

 

I would suggest using SHA-256 over MD5 when possible as MD5 has known collisions. As a former standard, it is still widely provided, as is SHA-1, but SHA-2 is the new standard, in particular SHA-256. 

 

hollowface makes an excellent point above. The Mint team is planning with future releases, to have a SHA-256 checksum in place, if one uses the default Firefox browser, all one needs is the 'Down Them All' extension, which verifies after download, there's a place to copy/paste it, then to the left, select the right one (MD5, SHA-1, SHA-256, etc.). Because of this, it's my browser of choice for downloading, many drivers I get has SHA-256 checksum posted, and if there's a mismatch, the user has a choice to make, discard the download (recommended), or bear the potentially heavy risk of keeping it. 

 

Therefore, it's imperative to ensure that the entire checksum is properly copy/pasted, and the right selection made as to which type it is. Otherwise, there will be errors.

 

Plus from a security standpoint, it's best to check at the download level, rather than waiting until it's time to burn. We don't want potentially tampered with downloads on our computer. :)  

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#13 66Batmobile

66Batmobile
  • Topic Starter

  • Members
  • 353 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State of Denial

Posted 04 April 2016 - 12:33 PM

@cat1092

 

 

all one needs is the 'Down Them All' extension

 How does that actually work?  I'm all for speeding things up as long as it's not torrents (read about too many bad experiences involving them).

 

 

 

And am I hallucinating or wasn't there a post from wizardfromoz here?  I was going to ask about a few points from it :huh:


Whatever it was...I didn't do it!


#14 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:01:31 PM

Posted 04 April 2016 - 01:38 PM

 

 

I'm all for speeding things up as long as it's not torrents

 

Nothing wrong with torrents. P2P is actually the best way to download Linux distros.

Just stay away from warez and copyrighted material.

 

'Down Them All' is a download assistant, but not relevant to your original topic... 

 

 

am I hallucinating

 

Yes  :hysterical:


rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#15 66Batmobile

66Batmobile
  • Topic Starter

  • Members
  • 353 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:State of Denial
  • Local time:01:31 PM

Posted 04 April 2016 - 02:25 PM


 

am I hallucinating

 

Yes  :hysterical:

 

  But...but...it was there...I know it was...I checked with my friends the pink elephants and they saw it too! :crazy:

 

Kidding...I'll stay on topic now.


Whatever it was...I didn't do it!





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users