Home / ubuntu / Questions / 1111920
Accepted
Alice
Asked: 2019-01-23 02:57:21 +0800 CST

multiple forms of sum in core utilities

  • 772

Upon reading GNU Core Utilities - Wikipedia, I find multiple sum 

me@alpha:~$ cksum nohup.out 
4104911401 101860700 nohup.out
me@alpha:~$ b2sum nohup.out 
468c86394c5c4be04d0bce3b98584197b0c3f4cbb630144818f9d77d48ab7296e4c53db481b6bdd7c46dd5203d3f016d9ef01b126806e04be5003aeebb1bc6
22  nohup.out                                                                                                                
me@alpha:~$ sum nohup.out 
37767 99474
me@alpha:~$ sha1sum nohup.out 
79106925d593e18bd148ba94a6e4fb9da02e8c47  nohup.out
 me@alpha:~$ md5sum nohup.out 
3be4b17f18e4715d849a31ae482565cf  nohup.out

I started learning linux months ago, should I have to distinguish them and utilize them in daily operation?

coreutils

2 Answers

  1. should I have to distinguish them and utilize them in daily operation?

    No, not really. What you have found is utilities for computing hash sums, which is used for purposes such as file verification.

    For instance, when you download a Ubuntu ISO, you will typically find a file containing a checksum, which you can verify. You download the file, and run sha256sum filename (or md5sum if it contains md5 checksums, but SHA256 is better than md5), and compare it against the published check sum.

    It also allows you to verify that a file has not changed, without having to store an duplicate of the full file. This is used by file verification tools such as tripwire.

    In general, don't worry about those utilities until you see a need for them.

    • 5
  2. Best Answer

    The checksum commands that you have found are used most often for verifying data integrity and tracking information. It's as if you solve a math problem, and then look to the answers at the end of the book to ensure that your solution is correct.

    Most common example, is when you download software or Ubuntu.iso image, you will see a file such as this (example from SHA256SUM file for 18.04 release):

    ff7feb65254b64ffadc00a3ce39df89e3cf84485343063c04fa11859475931c4 *ubuntu-18.04.1-preinstalled-server-armhf+raspi2.img.xz
a5b0ea5918f850124f3d72ef4b85bda82f0fcd02ec721be19c1a6952791c8ee8 *ubuntu-18.04.1-server-amd64.iso
8e9a766b4fed214632c8fd0f039c372fe18b0e5a2f4a4167f5c1edd5090385f4 *ubuntu-18.04.1-server-arm64.iso
dc8aa1b7f9c7d7dd66bbde516e739166126faa55789da0cb63328a507ed5fc00 *ubuntu-18.04.1-server-ppc64el.iso
76f6a384cd943a14761263b725fbccb2ebb04f147efa0c9eb884868e97c2eaac *ubuntu-18.04.1-server-s390x.iso

    When you download ubuntu-18.04.1-server-arm64.iso file, you want to ensure the file was downloaded OK, that there was no tampering with it by someone in the middle of the network, or that there was a corrupt file downloaded. Thus when you do

    sha256sum ~/Downloads/ubuntu-18.04.1-server-arm64.iso

    you will know right way if the file is OK or not. As for different types, for security applications, the stronger the has sha256 or sha512 the better, because attacker cannot break it. Hashes are one-way functions. Input produces hash, but not the other way around. So for security reasons, passwords are best never stored on servers - only hashes.

    When attackers steal information from servers, they should only have hash values of the passwords and not passwords themselves. Now, hashes such as MD5 and SHA1 have been broken and attackers can break them to find original passwords. So you don't have to memorize them, but it's good to know if an application is using a strong hash such as SHA256 or SHA512

    • 4