Tip

Verifying file integrity with MD5 checksums

When you download a file or make one available for others, the integrity of the file is just as important as anything in it -- both to guard against tampering and to ensure that files aren't corrupted during downloads or from being transported on bad media. Such things are rare, but they do happen, and they contribute in their own small way to what might be the only available copy of something becoming unusable. If you've ever downloaded something on a high-speed connection, burned it to CD for later use and then found out the burned copy was corrupt, you'll have experienced this firsthand.

What can be done to defend against this sort of problem? Many archives or self-extraction mechanisms have their own file verification systems, but there's something else you can do above relying on such things alone: Create an MD5 hash for the file.

More information
  • ATE: More uses for MD5
  • News: Verify patch integrity
  • The MD5 algorithm, created by Ron Rivest, is a way to "sign" a file to verify its contents mathematically. The hash consists of a 128-bit (16-byte) checksum -- also known as a "digest" -- that is generated cryptographically by using the contents of the file. No two files ever generate the same hash, and it's virtually impossible to craft a file that will have a given checksum ahead of time. This makes it enormously useful for verifying a patch or file archive: If you publish the file along with an MD5 checksum, then the end user or administrator can use a third-party tool to ensure that the file matches the hash.

    One very simple implementation of an MD5 hash tool is DiamondCS MD5 from Diamond Computer Systems Pty. Ltd. It's a freeware app that runs in Windows and can generate an MD5 hash for any given file or even a piece of text. The resulting hash can be copied out (it's plain text) and provided either in a text file with the file itself or in a separate accompanying note. If either the hash or the file is damaged, they will not match, and you'll know something went wrong.

    MD5 hashes are also used in many other contexts. Cryptography packages for e-mail allow you to sign an e-mail with both an MD5 hash and a cryptographic certificate. Doing so verifies that the contents did indeed come from the person in question. Likewise, a binary attachment in an e-mail can accompany an MD5 hash in the body of the e-mail.

    About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!


    This was first published in October 2005

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.