Verifing file integrity of downloads
Results 1 to 5 of 5

Thread: Verifing file integrity of downloads

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786

    Verifing file integrity of downloads

    With the latest sendmail incident i would like to show windows users how to simply use MD5sum to verify the integrity of files they download


    MD5sum for Windows

    What is it:

    MD5sum does a checksum. A checksum is the total count of the number of bits that a file contains. MD5sum counts the number of bits in a file that you have received and compares that to the number of bits that file should contain as listed on the download page. If the counts match, it's assumed that the file was transmitted and received without being corrupted.

    Why use MD5sum:

    How many times have you downloaded a program and tried to install it only to find no matter what you do you can't get it to install right? After much time and aggravation spent you find the file has been corrupted in transfer. If you had done a checksum of the file, you could have spared your self this hassle.

    An even worse scenario is downloading a file, it installs fine. But after a time you learn the program contains a Trojan. This happens when a malicious person breaks into a download directory and replaces the original file with one she’s previously downloaded and add a this trojan to. This has happened many. Very recently it has happened to the sendmail download at sendmail.org. A very reliable site, but this goes to show once again...take nothing for granted.

    Again you would have been spared had you simply checked the files md5 checksum with the checksum listed on the download site.

    Where can I get MD5sum:

    It is available all over the net but I’ll give a link i know to be good at the time of this writing.

    http://www.swiss.ai.mit.edu/projects...7.5/md5sum.exe

    The download of md5sum from here has nothing to do with the project spoken of on the page this link is on so. I feel it is ok just to give the link and not the page address. It is freeware.


    So now that i have it, how do i use it?:

    The easiest way is just to do a checksum of the downloaded file and compare it visually with the sum given on the site.

    On the site for IRCABI.exe is given the MD5 checksum "dd941d7a3b5386dca64718fb6dbb6d6d"

    Now open a dos prompt and enter:

    md5sum c:\where\youput\ircabi.exe

    Or

    CD to the directory that contains the file and enter:

    C:\Temp>md5 IRCABI.EXE

    You’ll have returned:

    MD5 (IRCABI.EXE) = dd941d7a3b5386dca64718fb6dbb6d6d

    Bit for bit it looks like you received the whole file. No more, no less.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    324
    Useful stuff!
    \"I may not agree with what you say, but I will defend to the death your right to say it.\"
    Sir Winston Churchill.

  3. #3
    That is a very useful bit of information.
    Thanks.

  4. #4
    Senior Member
    Join Date
    Feb 2002
    Posts
    216
    Thanks
    that is two things i learnt from you tonight
    Thanks again
    Regards
    Mike
    Never miss a good opportunity to shut up.....

  5. #5
    Member
    Join Date
    Sep 2002
    Posts
    89
    thank you Auntie
    For hundreds of years the brain was physically capable of the thoughts of a Galelio or an Aristotle among people who had not yet learned to count to ten. Much of that equipment is still unused and waiting.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides