Comments on: Take advantage of md5 checksums for download validity http://www.ghacks.net/2009/11/20/take-advantage-of-md5-cecksums-for-download-validity/ A technology news blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas. Sun, 12 Feb 2012 04:50:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Generate MD5 Checksums on Windows | Whatsuphttp://www.ghacks.net/2009/11/20/take-advantage-of-md5-cecksums-for-download-validity/comment-page-1/#comment-994993 Generate MD5 Checksums on Windows | Whatsup Mon, 08 Mar 2010 07:35:11 +0000 http://www.ghacks.net/?p=18689#comment-994993 [...] internet) standard has, for years, been checking the md5 hash. Now, there’s plenty of info on the web about creating or checking MD5 or SHA-1 checksums for UNIX or Linux users, but not very much about doing the same on [...] [...] internet) standard has, for years, been checking the md5 hash. Now, there’s plenty of info on the web about creating or checking MD5 or SHA-1 checksums for UNIX or Linux users, but not very much about doing the same on [...]

]]> By: Kirillhttp://www.ghacks.net/2009/11/20/take-advantage-of-md5-cecksums-for-download-validity/comment-page-1/#comment-920941 Kirill Sat, 21 Nov 2009 22:58:33 +0000 http://www.ghacks.net/?p=18689#comment-920941 @martin english: File Checksum Integrity Verifier is very good. Thank you. But when I create an exceptions list and try to use it with -exc parameter it is not working. What can you advise? @martin english: File Checksum Integrity Verifier is very good. Thank you. But when I create an exceptions list and try to use it with -exc parameter it is not working. What can you advise?

]]> By: Ricohttp://www.ghacks.net/2009/11/20/take-advantage-of-md5-cecksums-for-download-validity/comment-page-1/#comment-920598 Rico Sat, 21 Nov 2009 07:47:52 +0000 http://www.ghacks.net/?p=18689#comment-920598 Honestly, the reason i use checksums these days are to verify that large files have been downloaded completely. i've had the occasional Linux ISO that seemed to download correctly but after some troubleshooting, i'd find that the checksum didn't match the one posted. It's not a concern with torrents, but torrents can be slower than a superfast web server. There is the issue of malicious code, but honestly i trust my [open] sources and while it's possible malicious code could be slipped in, it's such a rare occurrence that i'm really not concerned. Not the most secure security model, i know, but i've yet to have it fail me in the fifteen or so years i've been downloading from remotes sources. Honestly, the reason i use checksums these days are to verify that large files have been downloaded completely. i’ve had the occasional Linux ISO that seemed to download correctly but after some troubleshooting, i’d find that the checksum didn’t match the one posted. It’s not a concern with torrents, but torrents can be slower than a superfast web server.

There is the issue of malicious code, but honestly i trust my [open] sources and while it’s possible malicious code could be slipped in, it’s such a rare occurrence that i’m really not concerned. Not the most secure security model, i know, but i’ve yet to have it fail me in the fifteen or so years i’ve been downloading from remotes sources.

]]> By: martin englishhttp://www.ghacks.net/2009/11/20/take-advantage-of-md5-cecksums-for-download-validity/comment-page-1/#comment-920517 martin english Sat, 21 Nov 2009 05:18:42 +0000 http://www.ghacks.net/?p=18689#comment-920517 Windows users wanting to create or verify MD5 or SHA-1checksums need to look at http://support.microsoft.com/kb/841290 Windows users wanting to create or verify MD5 or SHA-1checksums need to look at http://support.microsoft.com/kb/841290

]]> By: Captain Canuckhttp://www.ghacks.net/2009/11/20/take-advantage-of-md5-cecksums-for-download-validity/comment-page-1/#comment-920295 Captain Canuck Fri, 20 Nov 2009 21:03:20 +0000 http://www.ghacks.net/?p=18689#comment-920295 Is it common for people to digitally sign their md5checksum? Is it common for people to digitally sign their md5checksum?

]]> By: Jack Wallenhttp://www.ghacks.net/2009/11/20/take-advantage-of-md5-cecksums-for-download-validity/comment-page-1/#comment-920016 Jack Wallen Fri, 20 Nov 2009 12:23:44 +0000 http://www.ghacks.net/?p=18689#comment-920016 @Captain Canuck: That is true. You could, however, create your MD5 hash and then digitally sign it. @Captain Canuck: That is true. You could, however, create your MD5 hash and then digitally sign it.

]]> By: Captain Canuckhttp://www.ghacks.net/2009/11/20/take-advantage-of-md5-cecksums-for-download-validity/comment-page-1/#comment-919750 Captain Canuck Thu, 19 Nov 2009 23:17:14 +0000 http://www.ghacks.net/?p=18689#comment-919750 "What if someone hacked into the server and replaced the file with a bogus file that contained malicious code?" Wouldn't that someone also upload another md5 hash matching the malicious replacement? usually the md5hash file is in the same directory as the download. “What if someone hacked into the server and replaced the file with a bogus file that contained malicious code?”

Wouldn’t that someone also upload another md5 hash matching the malicious replacement?
usually the md5hash file is in the same directory as the download.

]]>