File Verifier++ is an Open Source software for the Windows operating system that can create and store hash values of selected files and check their integrity whenever it is needed.

It begins by adding files or directories with files to the program. A click on files or dirs in the main menubar opens a file and folder browser to do that. all files are then added to the program listing and hashes are calculated automatically for them.

Information such as the file path on the system, hash, encoding, algorithm used to compute the has, size, modification time and verification are displayed in a table in the main interface.

The message log details which operations have been started and completed in the program. This includes how many files have been processed at what speed and time.

File listings can be stored on the computer system to load and verify them against the file hashes of existing programs.

Identical (or valid) files are highlighted in green, files that fail the verification check in red. Files can also be highlighted in blue if the hash and file size is identical but the modification date differs. The program does not only use a files hash to verify its integrity but also the file size, file attributes and modification time.

The default algorithm used is MD5, the program does support several other algorithms including CRC, SHA or RMD.

File Verifier++ Features

• Can load and save results to and from various formats.
• Hash algorithms can be added through the DLL interface.
• Hash verification. Can load hash results and compare to what is actually on your disk.
• Color coding of validity states
• Verification considers file size, file attributes, and modification date to be significant.
• Drag and drop support.
• Recursive directory processing.
• Recursive processing using patterns.
• Calculates hashes on strings.
• Search and grep using regular expressions.
• Selective verification.
• Unicode support (recognizes Unicode file names and writes results encoded in UTF-8 (without BOM))
• Supports Windows XP Visual Styles
• Shell Integration (Shell extension).
• Can be installed using installer or without.
• Command line version. (in beta)

File Verifier++ comes with several extras that are accessible through the file menu. It is for instance possible to use the advanced processing module to process multiple directories with select patterns or regular expressions as filters.

The program is fully compatible with 32-bit and 64-bit versions of the Windows operating system. The portable version can be run from any location, ideal for storing it with the file verification information on burned CDs, DVDs or other backup storage locations.

But file integrity can be important on the local PC as well. A program like Exact File can tell you exactly if someone modified your Word or Excel document, or played your game just a little bit further.

Exact File is a free file integrity tool for the Windows operating system. It can process single files or batch process complete folders. The software supports all important hash methods including MD5, SHA512, CRC32 and about a dozen more.

Options to create checksums for single or multiple files, as well as to verify the integrity of already checked files are offered in the program’s interface.

A single-file check works by dragging and dropping a file into the interface, or selecting it in the file browser. ExactFile will compute all supported hashes and display a report in the end listing them all.

The generated information can be copied to the clipboard. More interesting is the ability to create a digest. A digest contains hash values of all files found in a selected folder and its subfolders.

It is again possible to drag and drop a folder into the program window, or to use the file browser to pick a folder from the system. Available options are to include subfolders, full paths in the output and to out the checksums to a file.

All supported hash methods are available, but only one can be selected for the process.

ExactFile will process all files in the selected folder structure and display a similar results window in the end.

The calculations are speedy and use all available cpu cores by default. The results are stored in the selected file and displayed to the user directly. It is here again possible to copy them to the clipboard.

The test digest menu is available to test a previously generated folder hash. All it takes is to select the digest file, click verbose report and then go to compare the previously generated hash values of the files with the current ones.

One interesting application for this would be to generate the hashes before sending the files to another user. The receiving user could then test the validity of the files by running the previously generated checksum file against the received files.

An option to create a test file applet is available to make this easier. Instead of having to use the file integrity software to check the files, it is possible to generate and use a standalone executable generated by the program to do the same. Ideal for putting it on burned CDs or DVDs, or sending it along with the files for the recipient to check.

Exact File is a sophisticated file verification tool for the Windows operating system. Especially the option to test and verify the integrity of all files in a folder is welcome, coupled with the option to create a standalone executable to verify the integrity at all times.

What the developer of Exact File says:

• A file integrity verification tool:

  Use it to make sure files copied to CD-ROM are bit-perfect copies,
  Use it to make sure backups copied from one drive to another are just right,
  Use it to make sure files haven’t been changed or damaged over time.

• Multi-threaded, so your extra CPU cores get used when scanning multiple files and work gets done faster.
• Happy with Unicode file names, so it doesn’t fail when you’re using it on files named in Japanese, Hebrew, Chinese, or any other language.
• Supports multiple checksum routines (hashes), like MD5, SHA1, CRC32, RIPEMD and others.
• Supports recursive directory scanning.
• Supports Very Big Files — If it’s on your hard drive, ExactFile can handle it.
• Does everything popular file summer utilities do, like fsum, md5sum, sha1sum, sfv, etc, but better!
• Compatible with popular file checksum digest formats.
• For Windows 2000, XP, and Vista.
• GUI. Easy to use to get checksums for individual files, create checksum digests, and test checksum digests. Does not require the console version or any external DLLs.

Interested users can download Exactfile from the developer homepage. The program is compatible with most 32-bit and 64-bit editions of the Windows operating system.

Fingerprint calculates hash values of every file during the first selection unlike many other tools that simply report file size or file date modifications. This way might take a bit longer but it ensures that every modification can be noticed as the program compares the hash values and not data that can be easily modified.

Some aspects of a directory scan can be configured during setup. It is for instance possible to include or exclude files from the scan, switch from hash generation to file size, date and time records or schedule scans for the profile.

The Windows Task Scheduler is used to schedule file comparisons at a later time or on a regular basis. File changes will be written to a log file that is automatically displayed in the default web browser of the computer system. Fingerprint is a small program for the Windows operating system that can be downloaded from the developer’s website.

The software program does not act automatically. The user has to select files or folders that he wants to calculate hash values for. Once they are stored in the database it is possible to check the files at anytime to see if the file has been changed in the meantime.

A set of 21 different hash algorithms including popular algorithms like MD5, SHA-512 or CRC-32 is available and at the user’s disposal. Results can be saved or loaded so that they are available whenever they are needed.

Other interesting options include Windows Shell integration, a command line version, drag and drop support, Unicode support or search and grep using regular expressions. All in all a very sophisticated tool to check the file integrity of selected files.

Common sense tells us that the IP address is the major information needed to identify a user, but there are other information available to other users of P2P networks that can be used to track users even if the IP address changes. Those are, among other data the software and version used as well as the MAC address of the computer.

These two values are used to generate a hash that identifies the user even if his IP changes because the IP is not relevant for tracking users over a period of time. It is still recorded though with additional information like shared files, date and time, servers and all other information available.

It could be that even more information are used to calculate the hash value. Everything that is not changed regularly could be possible. The hash value of a new user is then compared to a database table that contains the hash values of users that have been using the P2P network and linked if a match is found.

So for the first Part of this – hopefully ongoing – series, I decided to look at the MD5 hash algorithm. It’s one of the most commonly used cryptographic algorithms out there and I would claim that nearly everyone has a password somewhere that is stored with an MD5 or similar hash.

MD5 stands for Message-Digest Algorithm 5, and is – as already mentioned and you probably already knew – a hash algorithm.

The MD5 hash algorithm is in simple terms a deterministic function (or blackbox) that will calculate a 128-Bit hash value from a given string of well-nigh any length … yeah, I had to read this sentence over a few times, and it’s just rubbish. If I wanted to write something like that, I could’ve gone Wikipedia. So let’s crack this one open.

You feed the MD5-Box a string of any length you want. This “string” doesn’t have to be alphanumeric of course, any stream of bits and bytes is just fine, like the bitstream of a file, for instance. The output string has always a length of 128 bits and is usually noted as a string of 32 octets, like this one: “B5A8AD3A9CDD6A6953FCBE6975FDE734″ (try guessing what I typed in though).

One of the most important things about hashes is, that they are so-called one-way-functions, meaning, they only encrypt stuff, and can’t – and must not – be decrypted. So hashes are often used for storing passwords in a databases. The same plaintext will always be hashed to the same cipher text with MD5, so all you have to do to check if your password and the stored (hashed) password are identical is to compute the hash of the given password and compare it with the stored one.

There are several demands a good hash-function has to meet in order not to get cracked in the first two hours of its lifetime.
The first one is, that a minor change in the plaintext (like “ghacks” and “gHacks”) should have a big impact on the computed hash (“D1B81FBDEB51C3A850E37177A5A22498″ and “DB3E20DC88EF0B6CA6A8FD5DA448D323″). If the difference would be only minor, and I know the plaintext and hash of “ghacks” (which I do, of course), and have the hash of “gHacks” without the knowledge of its plaintext, I could easily guess it.

The second very important demand is that a hash-function produces a much smaller memory imprint than the original stream. If you hash an 11MB installer to verify its integrity and have to download another 10MB of hash file as well, it’s pretty useless. There are lots of other points to keep an eye on, but these will (and have to) suffice.

As I mentioned already, hash-functions such as MD5 are most commonly used to store passwords without actually storing them in plaintext, and to verify the integrity of files. When you put a file online, just compute the hash and publish it together (but separate) with the file. Ever user would be able to determine if the downloaded file has been tampered with by simply comparing the hash of the downloaded file with the one published on the website.

Now I’d like to say something about security and known (and partly successful) attacks against hashes and MD5 in particular.
Due to the reduction (a 2MB file gets reduced to a 32-octet hash), information gets lost. This gets perfectly clear, if you take a look at the numbers. There are only 2^128 possible hash values, but infinite possible plaintexts. So in a best-case-scenario, after hashing plaintext numbers (2^128)+1 you have at least two plaintexts getting mapped on one and the same hash value.

So the first attack tries to make use of this very fact. When the same hash value is calculated from two different plaintexts, it is called a collision. Depending on the scenario of the attack using collisions, the birthday paradox comes in handy as well, increasing the attackers chance of success.

That would mean that you do not attempt to break the encryption or guess the user’s password when trying to crack a password, but just try to create another password that leads to the very same hash value, granting you access to the account. Of course, knowledge of the hashed password is required, but without that information, most attacks on modern ciphers are more than just tricky.

Edit: please take a look at comments for more clarification on the types of attacks mentioned above.

The second attack is based on a brute-force attack, which is basically “try all possible keys/passwords”. Depending on the numbers this could take some time. Let’s say you’ve already acquired the target hash value and your machine is able to try 100 keys per ms. That would make 100.000 keys per second, and 6.000.000 keys per minute. 2^128 hash values. That’s 3.4E38. We’re talking “age of the universe in seconds”-numbers here.

But there’s more to it than meets the eye. There are several options to reduce the available possibilities. Can you reduce the amount of possible plaintexts maybe? Maybe the password only allows to be 8 alphanumeric letters long? Can you have a look at the used algorithm and find something that may help you further? Do you know part of the plaintext? Maybe a name of son/wife/pet? Then you could combine it with a dictionary-attack. Every bit of information helps reducing the number of possibilities further, which in the end leads to a situation like this:

The following is a description of an attack to crack the user passwords of windows accounts (up to XP), and implemented in a near-perfect way by ophcrack. If interested, do make sure to check this tutorial, it’s quite fascinating and yet unbelievably scary.

Windows saves hash values of the user passwords, but if a password is longer than 7 signs, it gets broken up into chunks of length <= 7. Then the chunks get converted to uppercase only. Microsoft used DES for creating the hashes, but there’s no difference regarding this kind of attack.

So the attacker knows pretty much about the plaintext and can reduce its possibilities by a great deal. Now a computer starts calculating all possible hash values for this particular range of plaintexts (up to 7 digits, uppercase, numbers and some special characters only) and stores them in a database. Once finished, the database is from about 0.7 to 4 GB in size and can be easily transported using a thumb drive or a DVD.

Now all the attacker needs is a few minutes alone with the target computer and it’s done. Again, check the tutorial mentioned above, it kinda blew my mind. 1.7 minutes was the average time in this experiment for cracking a password to your windows account. Ouch.

Since I read and heard all of the above some time ago, I started wondering about the benefits and risks of using MD5. Most security experts discourage the use of MD5 nowadays for its known vulnerability to collision attacks. It should be replaced by something like the SHA-1 or since it is kind of outdated as well the even newer SHA-512. But that doesn’t help against the attack last mentioned, apart from increasing the possible hash values to even greater dimensions.

After some time, I found this very helpful article about spicing up your hashs to be more secure. I have to say though, these tips are NOT increasing the security of your hash function in a mathematical way. Luckily, the real world’s not all about math, so I think they are an easy way to get some extra security.

Edit: Please keep in mind that the tutorial posted here is not a perfect implementation of salts. It’s – as always – a source for ideas, not a perfect solution. But I always like it more if it’s explained like that, easy and understandable and in a rather digestible way. Please correct me if I’m mistaken.

If you want to screw around with MD5 a bit, here’s a link to an applet where you can do just that (SHA-1 as well). Switch to MD5, enter some text and press “Text digest”. Try guessing my hash from above (reaaaal easy), if you like and post the answer in the comments. First to score gets a cookie ;)

Stay tuned for upcoming ramblings about encryption and stuff. Maybe AES will be next.