How can I compare many SHA-1 checksums against the actual files on macOS?
In Terminal, change directory to the one with your .sha1 file and use shasum. For example, let’s assume that the .sha1 file is ~/Downloads/New_Data/manifest.sha1, then you’d do:cd ~/Downloads/New_Datashasum -c manifest.sha1… which will read the SHA-1 checksums in manifest.sha1 and check each file in the list to see if the file matches the one in the list.
How can I check if a Windows ISO file is tampered with? I have no knowledge of coding.
The easy way is to ensure it is a legal copy from Microsoft. If you downloaded it with their tool just verify it using the checksum.If it came from any other source, well, sometimes paranoia is justified.
Have any two different files been found to have the same MD5 or SHA1 checksum, ever?
For MD5, yes.A collision vulnerability of MD5 has been found quite a while back, see Wikipedia: MD5#Collision_vulnerabilitiesIn 2005, researchers were able to create pairs of PostScript documents and X.509 certificates with the same hash.According to Wikipidia, no such vulnerability has been found for SHA1 yet.
What is the actual size of Windows 10 ISO file?
Actually there are several Editions of Windows available today (I mean not official ones) which I call them Modified Editions of Windows, which is modified by my type of people. Some of them wants to integrate more programs or Windows updates into their Windows OS, so when they’ll do a fresh install next time then they’ll get all of their desired pre-installed Updates and programs installed by default.I recently created my Modified Windows 7 Ultimate x64 ISO, which contains some of my favorite programs and Windows updates from 2011 to April 2016.But I feel your first one Windows 10 ISO is real and “1607″ also shows that It’s Windows 10 Anniversary update (2 -Aug -16).Latest Windows 10 build 1607 don’t have of this size “2.65gb” and atleast “3.07gb” is the size of Windows 10 ISO.I hope this might help you :)Thanks for asking!
Given that SHA-1 is breaking, which specific applications that rely on it will be the most damaging if they are not fixed?
According to the researchers that produced the collision[1], hardened SHA1 is not vulnerable. Existing systems relying on SHA1 in a way that can be hard to change, such as BitTorrent and Git, will probably be best served by replacing SHA1 with hardened SHA1 to patch this vulnerability, rather than upgrade all the way to SHA256.Hardened SHA1 uses a clever trick called counter-cryptoanalysis: as you compute SHA1 hash, you check if the input is attack input and, if it is, change to a different algorithm.Hardened SHA1 will allow to preserve all existing content and will allow the system to keep adding new content securely.Note that any existing content that wasn’t maliciously produced remains secure, as the attacks feasible on SHA1 are collision attacks rather than preimage. For the same reason, SHA1, even not hardened, remains an adequate mixer for cryptographically secure PRNGs. (Not that it’s the best choice, but collision attacks are much, much easier than preimage.)Systems such as HTTPS have been removing SHA1 already. If some certificate authority continues to use SHA1 and does not follow the recommendation to include at least 64 bits of randomness in serial, this attack could feasibly be used to forge a certificate that will work in some old browsers. The attack would cost about $25k fully amortized using GPUs and perhaps $250k as a one-off, so feasible for many attackers. This is likely the most damaging aspect, and the reason certificate authorities generally no longer issue SHA1 certificates.Footnotes[1] SHAttered
What is the command to check that the Kali Linux ISO AMD64 version 2016.2 is correctly installed through USB in Windows 10 with a dual boot system?
EDIT: I hadn’t originally thought of that but, after completing the download, you can calculate the hash of the ISO you downloaded to see if it matches the hash value displayed on Kali download page.In other words, say you downloaded Kali 64-bit ISO (the first entry in the screenshot below).At that point, you can calculate the SHA1 hash value for that file.On the UNIX/Linux system, you can use the command sha1sum filename.If such command returns the same hash value you see in the screenshot below (25cc6d53a8bd8886fcb468eb4fbb4cdfac895c65), then the ISO image you downloaded is good and you shouldn't have any installation problems.If the two hash values don't match, your file is corrupt.You can see that, in my case, the two hash values match.With Windows, you can determine hash values through third-party tools or online tools (e.g. FTK Imager, online hash value calculator).*****************************************************************************Command?You boot it and, if there are problems, you’ll get an error message.When you finish installing Kali through graphical install, the wizard will tell you to remove all removable devices and will clean up temporary files.Maybe you refer to this.