Security - Checksum - MD5

You just download a new file and you want to know if this file is really the good one.

How to do that?

With checksum of course!

Of course, this is not a 100% secure way, but it is better than nothing!

Why it is not a perfect secure way?
Because someone may have hacked the website where is the file to download, and generate the checksum of its own hacked file.
So if you try to check this checksum, you will have exactly the same, but the file will be hacked.
But as I said, this is better than nothing!

Let's see how to use the checksum, on Windows and GNU/Linux.

1. Using checksum on Windows

There are several software to check the integrity of a file.

We will use WinMD5Free in our tutorial.

You do not have to install it, it is a standalone software.
Just double click it and a window will appear.

OK, now for our test, let's go on a page to download a file where there is already a MD5 checksum to verify.
I took for example, the download webpage of the Apache Ant.

In the section Current Release of Ant, there are several versions such as:

  • .zip archive: apache-ant-1.8.2-bin.zip [PGP] [SHA1] [SHA512] [MD5]
  • .tar.gz archive: apache-ant-1.8.2-bin.tar.gz [PGP] [SHA1] [SHA512] [MD5]
  • .tar.bz2 archive: apache-ant-1.8.2-bin.tar.bz2 [PGP] [SHA1] [SHA512] [MD5]

We will take the ZIP one: apache-ant-1.8.2-bin.zip.
So click it to download it, but do not open this file.

Then click on the MD5 link on its right, you will have a string like this:

e875a77c21714d36a6e445fe15d65fb2

This is the checksun MD5 of this file.
If you have the same checksum with the file just downloaded, the integrity of this file will be sure, if you trust the website.

Let's come back to WinMD5Free.
In the first input, browse until the file downloaded: apache-ant-1.8.2-bin.zip
In the second, the checksum of this file will display: e875a77c21714d36a6e445fe15d65fb2
In the third input, copy/paste the MD5 checksum from the website of the file.

Click Verify and a window will alert you to tell you if there is a match or not between checksums.

Magic! cool

2. Using checksum on GNU/Linux

We will use the md5sum software and test the checksum of Apache Ant.

Do the same as the Windows section, except that you have to write the checksum inside a file.
For example, create a file, named ant-md5.txt.

Now open a command line and write this:

$ md5sum apache-ant-1.8.2-bin.zip ; cat ant-md5.txt

The result will be:

e875a77c21714d36a6e445fe15d65fb2
e875a77c21714d36a6e445fe15d65fb2

 

Add new comment

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.