I thought they were there for security; to check that the file hasn't been tampered with. But surely if someone is capable of modifying the file then they are also capable of modifying the page with the hash!

What security does this actually offer?

+1  A: 

It is not just for security. The hashes are provided so that you can check if the file that you downloaded is corrupt or not.

Alan Haggai Alavi
A: 

The MD5 is to check if the file you downloaded has been downloaded correctly; it is often done with large files such as ISOs for Linux distributions.

zpon
Doesn't TCP take care of this?
Matt
It does (more or less), but there have been plenty of buggy protocol layers higher up that "eat" data where TCP transmitted them perfectly. I've fallen victim to a number of them over the years. :(
nitzmahone
Also, TCP doesn't take care of spurious dropped connections.
GregS
+2  A: 

Yes, it is for ensuring the file integrity.
Suppose you get the executable from another source, say a different site or a CD/DVD: you can be sure that what you are using is the right executable.

gameover
+3  A: 

They're usually there just to ensure you got the download complete and correct.

It does help with one security-related issue: malicious modification happens as a result of a trojan running on the target machine inserting itself. This isn't a "targeted" attack per se; the trojan just "infects" whatever exes it can and wouldn't be smart enough to fix the hash.

nitzmahone
+2  A: 

It improves security in case the file is downloaded from a mirror location.

E.g. apache.org provides many mirror download locations to reduce load on their servers. However, they have no means to control the validity of files on those locations. Therefore an MD5 checksum is provided: the checksum file is always downloaded from apache.org, not from mirrors.

Vilmantas Baranauskas
A: 

Besides, it is a unique ID for the whole distribution. Distributing the hash and distribution must have a legal enforcement.

smallbug005
What legal "enforcement" is there?
Matt
A: 

Actually, MD5 or SHA1 alone is not sufficient to verify the file integrity. You need to use a MAC, or an HMAC. Otherwise, length-extension attacks are possible.

rFactor
Nah. That doesn't make sense.
GregS
Yeah, right. Based on...?
rFactor
That's untrue - you can't use a [H]MAC because it would mean sharing the secret with all verifying parties (i.e., anyone downloading the payload!), which would defeat the purpose of the [H]MAC.
Michael Howard-MSFT
Can you elaborate a bit more, please?
rFactor
A: 

The correct way to do it is to provide the hashes on a web server that lists all the files and their hashes. The connection to the server must be over SSL/TLS to make sure the server is the correct server and not an impostor.

In short - keep the hashes out of band from the files.

Michael Howard-MSFT
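
The check the mirror and out-of-band answers describe, as an added example that is not part of any answer above: the file comes from a mirror, the checksum manifest is assumed to have been fetched separately over HTTPS from the project's own server, and the two are compared locally. It goes slightly beyond the MD5 case by picking the algorithm from the digest length; the function names and the file name `tool-1.0.tar.gz` are hypothetical.

```python
import hashlib
import hmac
import os
import tempfile

ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}  # hex length -> algorithm

def parse_manifest(text):
    """Parse '<hex digest>  <name>' lines (coreutils *sum format) into {name: digest}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, _, name = line.strip().partition(" ")
        digest = digest.lower()
        if len(digest) not in ALGO_BY_HEX_LEN or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name.strip().lstrip("*")] = digest  # '*' marks binary mode
    return entries

def file_digest(path, algo):
    """Hash in 1 MiB chunks so a large ISO never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, manifest_text):
    """Return 'ok', 'mismatch' or 'not-listed' for a file fetched from a mirror."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # a missing entry is never a pass
    actual = file_digest(path, ALGO_BY_HEX_LEN[len(expected)])
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed sample: an intact mirror copy, then the same file with bytes appended."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool-1.0.tar.gz")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"release bytes")
        manifest = hashlib.sha256(b"release bytes").hexdigest() + "  tool-1.0.tar.gz\n"
        intact = verify_download(path, manifest)
        with open(path, "ab") as fh:
            fh.write(b"injected")
        return intact, verify_download(path, manifest), verify_download(path, "")

if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the channel the manifest came over; if the manifest is fetched from the same mirror as the file, a match shows the download completed intact and nothing more.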