Verifing file integrity of downloads

With the latest sendmail incident i would like to show windows users how to simply use MD5sum to verify the integrity of files they download


MD5sum for Windows

What is it:

MD5sum does a checksum. A checksum is the total count of the number of bits that a file contains. MD5sum counts the number of bits in a file that you have received and compares that to the number of bits that file should contain as listed on the download page. If the counts match, it's assumed that the file was transmitted and received without being corrupted.

Why use MD5sum:

How many times have you downloaded a program and tried to install it only to find no matter what you do you can't get it to install right? After much time and aggravation spent you find the file has been corrupted in transfer. If you had done a checksum of the file, you could have spared your self this hassle.

An even worse scenario is downloading a file, it installs fine. But after a time you learn the program contains a Trojan. This happens when a malicious person breaks into a download directory and replaces the original file with one she’s previously downloaded and add a this trojan to. This has happened many. Very recently it has happened to the sendmail download at sendmail.org. A very reliable site, but this goes to show once again...take nothing for granted.

Again you would have been spared had you simply checked the files md5 checksum with the checksum listed on the download site.

Where can I get MD5sum:

It is available all over the net but I’ll give a link i know to be good at the time of this writing.

http://www.swiss.ai.mit.edu/projects...7.5/md5sum.exe

The download of md5sum from here has nothing to do with the project spoken of on the page this link is on so. I feel it is ok just to give the link and not the page address. It is freeware.


So now that i have it, how do i use it?:

The easiest way is just to do a checksum of the downloaded file and compare it visually with the sum given on the site.

On the site for IRCABI.exe is given the MD5 checksum "dd941d7a3b5386dca64718fb6dbb6d6d"

Now open a dos prompt and enter:

md5sum c:\where\youput\ircabi.exe

Or

CD to the directory that contains the file and enter:

C:\Temp>md5 IRCABI.EXE

You’ll have returned:

MD5 (IRCABI.EXE) = dd941d7a3b5386dca64718fb6dbb6d6d

Bit for bit it looks like you received the whole file. No more, no less.

Useful stuff! :thumbsup:

That is a very useful bit of information.
Thanks.

Thanks :)
that is two things i learnt from you tonight
Thanks again
Regards
Mike

thank you Auntie