sha-256- how to verify
How to verify your file hashes to make sure you are not downloading malware onto your host.
SHA-256 is arguably one of the most important hashes in the world, every file has a hash value assigned to it, to ensure data integrity.
It is also used in blockchain technology to create identifiers for transactions and blockchain components.
what is sha-256 hashing?
The SHA-256 algorithm takes the data of a file and processes it through a complex mathematical function. This process produces a fixed-length string of 64 characters (letters and numbers). Even the slightest change to the file will result in a completely different checksum.
So if we want to ensure we are downloading the correct files and not malware, we can calculate the checksum of a downloaded file and compare it against the course checksum.
Why is it used to check if we have downloaded malware?
verify file integrity Ensures that a downloaded file hasn't been corrupted or altered during transfer. Many malware programs modify files they infect. A checksum mismatch can indicate a potential infections Used in conjunction with cryptographic keys to verify the authenticity of a file. Imagine downloading a software file. The website provides a SHA-256 checksum for the file. After downloading, you calculate the checksum of your downloaded file. If the two checksums match, it's highly unlikely that your file is identical to the original and may contain malware.
how does sha-256 cryptography work?
The algorithm for SHA-256 (Secure Hash Algorthim 2) is one type of hash algorithm created by the National Security Agency in 2001. Hashes are essentially a large amount of arbitrary bits which equal to the value of a piece of data.
256’s Algorthim is based on the Davies-Meyer Hash function where the length in bits when the hash is generate is equal to the block length of the block cipher. If we use E for encryption value and Hi to represent current encryption value. The core equation for Davies-Meyer hashes is a one way compression function and looks like:
If we break down the equation above
Hi represents current hash value and the initialization vector.
Exi block cipher encryption value where the key is Xi, or our encryption function
Hi-1 is the previous hash value
Xi is the current message block
the circle with a cross is the Xor operation
We start with our initial value (Ho), and for each message block which becomes the current message block (Xi). Xor operation and the previous message block is essentially hashed and added to the current message block which then creates a new hash, This equation is performed multiple times as shown in the image below to finish the operation.
The image below shows the properties of a generated SHA-2 hash value, the input data is put into fixed message blocks (m0, m1, mn) which is also the data to be hashed, IV is the initialization vector or initial value used to start the hashing process. The process has the small key symbol with E to represent the encryption function, so each initialization vector is encrypted with the block cipher E. Other important functions in the process is the intermediate hash values (H), and pd which is padding added to the final block (if necessary).
how can we verify hashes ourselves?
If I want to download Kali Linux, I want to make sure I am not downloading malware. To generate the File Hash, We can open up windows powershell, and use the command ‘Get-FileHash C:\path\to\your\file -Algorithm SHA256’ this will generate the SHA-256 hash.
We can take this file hash and compare it to the source file hash. and luckily we have not downloaded malware as the signatures are identical.
To calculate the checksum we can also use this tool on Github
Stay safe out there and don’t download malware, if you can avoid it.
what if it doesn’t match?
Say the hashes don’t add up. what now?
If the hashes don’t match up it could just be the case of the download has recently been updated by the developer and will have a different hash value
Perform an offline anti-virus scan with windows defender if you believe you may have downloaded malware.
you can drag and drop the file into VirusTotal - Home which will scan for malware.
