On some sites, in their download section, each file has an MD5. MD5 of what? I can't understand the purpose.

On phpBB.com, for example:

Download phpBB 3.0.6 (zip)
Size: 2.30 MiB
MD5: 63e2bde5bd03d8ed504fe181a70ec97a
+2  A: 

This is a checksum, for verifying that the file as-downloaded is intact, without transmission errors. If the checksum listing is on a different server than the download, it also may give a little peace of mind that the download server hasn't been hacked (with the presumption that two servers are harder to hack than one).

ceejayoz
+3  A: 

It is the signature of the file's hash. The idea is that you can run MD5 against the downloaded file, then compare it against that value to make sure you did not end up with a corrupted download.

Mark Wilkins
+2  A: 

It's a hash of the file. Used to ensure file integrity once you download said file. You'd use an md5 checksum tool to verify the file state.

CJD
+1  A: 

This is an md5 hash of the entire binary contents of the file. The point is that if two files have different md5 hashes, they are different. This helps you determine whether a local file on your computer is the same as the file on the website, without having to download it again. For instance:

  • You downloaded your local copy somewhere else and think there might be a virus inside.
  • Your connection is lossy and you fear the file might be corrupted by the download.
  • You have changed the local file name and want to know which version you have.

Victor Nicollet
+2  A: 

Sites will post checksums so that you can make sure the file downloaded is the same as the file they're offering. This lets you ensure that file has not been corrupted or tampered with.

On most Unix operating systems you can run md5 or md5sum on a file to get the hash for it. If the hash you get matches the hash from the website, you can be reasonably certain that the file is intact. A quick Google search will get you md5sum utilities for Windows.

You might also see an SHA-1 hash sometimes. It's the same concept, but a different and more secure algorithm.

James
I agree with the intent and think that's why people do it, especially in a mirroring environment. However, one thing to think about is that if an attacker can tamper with the file, he might also update the hash to be a hash of the tampered file. :)
Jeff Moser
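
An added example, not part of any answer above: the check the answers describe, as a Python script that hashes the downloaded file's bytes and compares the result with the published value. It goes slightly beyond the page by choosing MD5, SHA-1 or SHA-256 from the digest length; the function names and the sample file are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Hex digest length -> algorithm. MD5 and SHA-1 are the ones named in the answers;
# SHA-256 is included as an assumption about what newer download pages publish.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def parse_published(value):
    """Find the digest in 'MD5: <hex>', a bare '<hex>', or an md5sum line '<hex>  name'."""
    for token in value.replace(":", " ").split():
        token = token.lower()
        if len(token) in ALGO_BY_HEX_LEN and all(c in "0123456789abcdef" for c in token):
            return ALGO_BY_HEX_LEN[len(token)], token
    raise ValueError("no MD5/SHA-1/SHA-256 hex digest found in published value")


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file's raw bytes in chunks so large downloads need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published):
    """Return (matches, algorithm, actual_digest) for a file and a published checksum."""
    algo, expected = parse_published(published)
    actual = file_digest(path, algo)
    return actual == expected, algo, actual


def demo():
    # Constructed sample: a 3-byte temp file stands in for the downloaded archive.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "download.zip")
        with open(path, "wb") as f:
            f.write(b"abc")
        md5_ok = verify_download(path, "MD5: 900150983CD24FB0D6963F7D28E17F72")[0]
        sha1_ok = verify_download(path, "a9993e364706816aba3e25717850c26c9cd0d89d  download.zip")[0]
        with open(path, "wb") as f:
            f.write(b"abd")  # one changed byte, as a corrupted or altered download would have
        md5_after_change = verify_download(path, "MD5: 900150983CD24FB0D6963F7D28E17F72")[0]
    return md5_ok, sha1_ok, md5_after_change


if __name__ == "__main__":
    print(demo())
```

A match only shows that the file equals whatever the published value describes; as the last comment points out, that value has to come from somewhere an attacker who changed the file could not also change.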