checksums and hash numbers

mm

Some of the software available for download lists MD5 checksums.

I have no idea how to generate a checksum to compare with the one on
the download page. Do many people do this? I only find URLs that
say how to do it in Unix.


Background:
My guess is that if one uses the right software on the downloaded
file, he should get the checksum, and then he'll know the file wasn't
virified or tampered with in some other way to his detriment. The
Wikipedia entry talks about transmission errors.

Either way, I don't know how to do it, or if I should bother. Do
many people do it?
 
I do this all the time. I have a port of MD5SUM which I use
regularly, but I can't tell you exactly where I found it.
I've had it for a while.

Microsoft provides a tool, called FCIV. It computes both
MD5 (message digest 5) and SHA1. So you could get this one.

http://www.microsoft.com/downloads/...58-31B7-47E2-A663-7365C1686C08&displaylang=en

Of the two algorithms, I've heard that MD5 has been cracked. What
that means is a hacker can change the contents of a download
file, preserve the file length, and have the MD5 sum work
out to the correct value. And thus, in the larger scheme of
things, an MD5 sum may not identify when a download has been
altered.

I don't know if the same is true of SHA1 or not. There are some
comments here about SHA1.

http://www.h-online.com/security/features/Hash-cracked-747181.html

A determined hacker could probably alter a downloaded file,
and make those checks appear normal. So the technique is not
without its flaws.

Paul
 
Paul said:
Of the two algorithms, I've heard that MD5 has been cracked. What
that means is a hacker can change the contents of a download
file, preserve the file length, and have the MD5 sum work
out to the correct value. And thus, in the larger scheme of
things, an MD5 sum may not identify when a download has been
altered.

I don't know if the same is true of SHA1 or not. There are some
comments here about SHA1.

http://www.h-online.com/security/features/Hash-cracked-747181.html

A determined hacker could probably alter a downloaded file,
and make those checks appear normal. So the technique is not
without its flaws.

It wouldn't be likely to get an executable file to work if you changed
its contents and tried like crazy to make sure its hashes worked. You'd
have to change too many other bytes and that'll just kill the whole
thing. Doing the same thing to a data file might be more plausible, but
of course such a file can't be used as a payload to malware. Of more use
to spies than to hackers.

Yousuf Khan
 
I've used the Windows version of CRC32 Calculator for years to check the
CRC of downloads:
http://www34.brinkster.com/dizzyk/crc32.asp

For MD5 sums there is MD5 Checker:
http://download.cnet.com/MD5-Checker/3000-2092_4-10410639.html
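
Added example, not part of any post in this thread: one way to do the comparison the thread asks about on Windows, using the built-in Get-FileHash cmdlet (PowerShell 4.0 or later). The helper name Compare-DownloadHash, the sample file and its "published" values are constructed for illustration, and SHA256 is included as an assumption for download pages that list it.

```powershell
# Added example; Compare-DownloadHash is a hypothetical helper name.
function Compare-DownloadHash {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Published,
        [ValidateSet('MD5', 'SHA1', 'SHA256')] [string] $Algorithm = 'SHA256'
    )

    # Download pages print digests with spaces, dashes or mixed case; keep hex digits only.
    $expected = ($Published -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # Reject a value of the wrong length (e.g. an MD5 pasted while checking SHA256).
    $hexLength = @{ MD5 = 32; SHA1 = 40; SHA256 = 64 }
    if ($expected.Length -ne $hexLength[$Algorithm]) {
        throw "Expected $($hexLength[$Algorithm]) hex characters for $Algorithm, got $($expected.Length)."
    }

    # Get-FileHash reads the file and returns the digest as a hex string in .Hash.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash

    [pscustomobject]@{
        Algorithm = $Algorithm
        Expected  = $expected
        Actual    = $actual
        Match     = ($actual -eq $expected)
    }
}

# Constructed sample: a stand-in "download" holding the three ASCII bytes "abc".
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-download.bin'
[System.IO.File]::WriteAllBytes($sample, [System.Text.Encoding]::ASCII.GetBytes('abc'))

# The published values below are the standard test-vector digests of "abc".
Compare-DownloadHash -Path $sample -Algorithm MD5 -Published '900150983cd24fb0 d6963f7d28e17f72'
Compare-DownloadHash -Path $sample -Algorithm SHA1 -Published 'a9993e36-4706816a-ba3e2571-7850c26c-9cd0d89d'

# Change one byte of the file and check again against the same published MD5.
[System.IO.File]::WriteAllBytes($sample, [System.Text.Encoding]::ASCII.GetBytes('abd'))
Compare-DownloadHash -Path $sample -Algorithm MD5 -Published '900150983cd24fb0d6963f7d28e17f72'

Remove-Item -LiteralPath $sample
```

A match shows only that the file equals whatever the publisher hashed, so the published value should come from a source you trust independently of the download itself.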
 