Data Integrity with MD5sum

Nov 12, 2019 Security

One of the parts of Security of your data is the requirement to check for integrity of a file. Ultimately, this means making sure that the file has not changed from how a sender has sent the file to how you have received it. This can be checked by sending the MD5 has of a file separately to the file being sent. The recipient is able to run the same MD5sum to confirm the data integrity. MD5 hash is not dependant on OS vendor or version.

Example is as follows, I am going to create a txt file on my Windows 10 machine, send it via my Outlook O365 account to a Gmail account attached to a Ubuntu VM, confirming the hash at both ends to confirm data integrity (The hash can be sent via another form of communication, in my example. I’ll just screenshot it for ease).

On my Windows 10 VM, I create a text file named: SomeFile.txt – The file contains the following data:

Downloading the free tool: md5sums.exe – available here: http://www.pc-tools.net/win32/md5sums/ – I am able to calculate by running the md5sums.exe against the txt file as shown below. I have highlighted the command used and the Filename and Hash. Do not worry if your hash is different to mine.

I send this to my personal Gmail account which I access and download to my Ubuntu VM (I assume you already know how to download files!). MD5sum is already a available on my version of Ubuntu. So within terminal I run the MD5sum and compare the hash to that of the windows 10 machine. As you can see, the Hash is the same, this confirms that the data integrity has not been compromised during the sending/receiving of data.

Now imagine that the email file was infact intercepted between the Sender and Receiver. The txt file was manipulated to change the details spoofing your email address to look like the original source and send it onto the recipient. Now the text file received looks as follows:

Checking the hash of the same named file that is downloaded into the same location, you can clearly see the hash is completely different, so now the integrity has been compromised and the data cannot be trusted

Leave a Reply

Your email address will not be published. Required fields are marked *