Results 1 to 10 of 10

Thread: MD5 Checksum

  1. #1
    Junior Member
    Join Date
    Jul 2002
    Posts
    11

    MD5 Checksum

    Hi,
    I was checkin out some security websites, and at all of them i saw this:
    MD5 Checksum
    And it stood next to the name of some file/ either a C source code or just plain text file
    What is this "MD5 Checksum" ?

    Thanks in advance

    Encrypted
    I\'ll sleap when i\'m dead

  2. #2
    Junior Member
    Join Date
    Oct 2002
    Posts
    1
    Encrypted,

    I don't know much about this but MD-5 stands for Message Digest 5, which is type of encryption which I believe is the default authentication method for IPv6

    Hope that helps!
    May the Farce be with you

  3. #3
    As far as I know it is a method used to validate that the file is intact and the file you where expecting. Something to do with the exact file size?

    If anyone out there knows in more detail I would be interested too.

    WaveRebel

  4. #4
    Junior Member
    Join Date
    Nov 2002
    Posts
    3
    md5 checksums are a security device that tells someone if a file has been modified after the md5 program is run on them. It is virtually impossible to modify a file and yet keep the same checksum

    I have just found the information below on whatis.com

    MD5 is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fingerprint is to the specific individual. MD5, which was developed by Professor Ronald L. Rivest of MIT, is intended for use with digital signature applications, which require that large files must be compressed by a secure method before being encrypted with a secret key, under a public key cryptosystem. MD5 is currently a standard, Internet Engineering Task Force (IETF) Request for Comments (RFC) 1321. According to the standard, it is "computationally infeasible" that any two messages that have been input to the MD5 algorithm could have as the output the same message digest, or that a false message could be created through apprehension of the message digest. MD5 is the third message digest algorithm created by Rivest. All three (the others are MD2 and MD4) have similar structures, but MD2 was optimized for 8-bit machines, in comparison with the two later formulas, which are optimized for 32-bit machines. The MD5 algorithm is an extension of MD4, which the critical review found to be fast, but possibly not absolutely secure. In comparison, MD5 is not quite as fast as the MD4 algorithm, but offers much more assurance of data security.

    Helen

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Waverebel is right..... I don't know how it works etc. but I do know it is used to confirm the integrity of a file.

    From my understanding it would be possible to alter a file under a standard checksum but the MD5 hash produced against a file is far from a simple checksum. I have read it described as a digital "fingerprint" that _has_ to change if _anything_ about the file is altered.

    There are a couple of Host-based Intrusion Detection Systems, (HIDS), that run an MD5 hash of the system files on your machine and then check them every x minutes. They claim that no-one could alter one of the files without you knowing.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    Junior Member
    Join Date
    Jul 2002
    Posts
    11
    hi,

    thank you all for posting.
    I now know what the MD5 Checksum is now
    You've been a great help

    Encrypted
    I\'ll sleap when i\'m dead

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    472
    Have you downloaded upgrades from MS lately? On windows update you get a message "windows is scanning your system for updates. no information is sent to microsoft". You ever worried what actually happens?

    What happens is a lot of cheksums for the latest microsoft files are sent to your computer. Your machine checks if the cheksums are valid for your files. If they aren't, a message is sent back to microsoft about which files is out of date. Then the files are dowloaded and installed.
    ---
    proactive

  8. #8
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Good point proactive. I never actually knew how that worked for the updates, but it definitely makes sense. It is everything that has been mentioned above. Now that you understand it, you can configure a file integrity/host based IDS like TripWire and really know what you are talking about. When you configure TripWire, it reports on changes in this information so you know if your files have changed. Good stuff!
    Opinions are like holes - everybody\'s got\'em.

    Smile

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    109
    Just to throw my 2 cents in...

    Thought it is not very likely someone could alter a file and fake an md5 checksum, it is very possible they could also supply you with a fake md5sum. If someone broke into an ftp server and altered the file, it is just as likely the altered the md5sum file which contains the checksum.

    Just something to keep in mind, which is why pgp signatures are much better in such cases

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •