major security compromise
My sha1sum and sha256sum are generating bogus seeds. Who wants to help me track it down? I have no idea where to start...
I don't know if your problem is the same as I was getting:
I had some errors with checksums of downloaded iso files...then I realized that the command was not ok.
For example, the right commands for checking downloaded Nabia iso file is:
pablo@pablo-G31T-M2:~$ md5sum -c trisquel_10.0_amd64.iso.md5
trisquel_10.0_amd64.iso: La suma coincide
pablo@pablo-G31T-M2:~$ sha1sum -c trisquel_10.0_amd64.iso.sha1
trisquel_10.0_amd64.iso: La suma coincide
pablo@pablo-G31T-M2:~$ sha256sum -c trisquel_10.0_amd64.iso.sha256
trisquel_10.0_amd64.iso: La suma coincide
"La suma coincide": checksum ok
The .iso file is in the same folder with .iso.md5 etc. files.
Greetings
bump anyone?
++++++
redacted for simplicity, see below, don't take my word for it try it yourself!
https://postimg.cc/gallery/LjfHJTS
as you can see the random text does not match any of the sha256sums on the ones generated on the web...
Why are my host key's not matching either?
When you use the echo command, the string that you pass to it is followed by a newline. Meanwhile, the website that you used was hashing the string without a newline at the end. To omit the newline outputted by echo, you can use the "-n" flag. For example,
$ echo -n "sfkjgsdbnfgvk" | sha256sum
ca3e2ebc02e01d051dfe278e98953b5451503dd4872b45613d1ab82b0d051230 -
Alternatively, you can input a newline on one of those websites and you should get 851099aabd9ca5cfb4b029c6ee6c8692671527813a65b3f14d762b93dfd632d4.
As for the SSH host keys, the fingerprint is not computed by simply taking the SHA256 sum of the key file. Try this:
cat /etc/ssh/ssh_host_ecdsa_key.pub | awk '{ print $2 }' | base64 -d | sha256sum | awk '{ print $1 }' | xxd -r -p | base64
and you should get something that matches what is outputted by SSH, possibly with some extra '=' signs at the end which are part of base64 padding. (See this answer on Serverfault for more details)