Md5sum is used to check integrity of iso image of say ubuntu.How does it work?
+6
A:
The algorithm Message Digest 5 or MD5, it is a one-way cryptographic hash function. MD5 performs many binary operations on the "message" (binary data, for example of an iso image) to compute a 128-bit "hash".
It is useful to check the integrity of a downloaded package such as ubuntu because generating the MD5 hash will be identical if the package is exactly the same as the authenticated source. If there are errors in the download (from network interference, etc.) or if you downloaded a malicious package that was made to look like ubuntu but contained other code/whatever, then the MD5 would not match and you would know something was different and you should download again from a different source.
Dustin Fineout
2009-06-15 17:26:17
Just a little added tidbit: The MD5 algorithm (and indeed most cryptographic hash function algorithms) are constructed so that even one bit of difference between two inputs will cause a huge change in the hash function output. This property makes it very difficult to create two input messages that hash to the same output.
Mike Daniels
2009-06-15 17:41:54
Thanks Mike. Just a little tidbit, said property is known as the "Waterfall Effect".
Dustin Fineout
2009-06-22 22:00:42
A:
MD5Sum is a file checksum generating tool using MD5 as the hashing algorithm. It provides the user with a reasonable assurance that the file was untampered with.
In order to do this, the user will need to (via shell integration or manually) process their own MD5 hash and compare it to the hash provided by the uploader.
An MD5Sum hash won't assure you that the uploader who provided the checksum didn't fiddle with the file, to do that you should trust the source of the MD5 checksum (ie. get the checksum from Ubuntu instead of the download site providing the image).
Eugarps
2010-07-01 19:37:13