File integraty check

Discussion in 'other software & services' started by Bethrezen, Jan 10, 2009.

Thread Status:
Not open for further replies.
  1. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi all

    I'm wondering if anyone knows how one you use a published checksum to verify the integrity of a file ??

    I understand the basic premiss of a checksum in that its works like a fingerprint and if the fingerprint of the file you have doesn't match the fingerprint published on the web site then you know the file is not genuine

    what I don't know is how I actually go about using a checksum to verify the integrity of a file for example each new version of spybot comes with an md5 checksum the current one being

    md5: 0E7FBF50F87B3B7C384A2471154A7558

    the question is how do I actually check to see that the checksum of the file I have matches the checksum on there site ??

    do I need some sort of third party software ?? or would the checksum function be built in to the file its self anyone know ??
     
  2. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Bethrezen,

    You need indeed a third party program for this. There are a lot of them, both free and paid-for.
    Some of them are giving you the feature of adding an entry in your right-click menu in Explorer.
    Some are giving you the option to choose between several different HASH-algorithms (for example: MD5, SHA-1, etc).

    Just two examples:

    HashTab (free)
    http://beeblebrox.org/hashtab/

    Karen's Hasher (free):
    http://www.karenware.com/powertools/pthasher.asp

    How does it work what you want:

    You download a file, say the installation-file of Spybot S&D from:
    http://www.safer-networking.org/en/download/index.html

    That site tells you the MD5 checksum of that file.

    Now you let your third-party checksum tool calculate the MD5 checksum of that file on your system.
    If that checksum (calculated on your system) is the same one as published on that site (in this case the Spybot S&D site), then you know that you have the right file and that it is not corrupted for some reason.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hello,

    md5 or sha-1 hash is a one way function. So theoretically, once you run an md5 or sha-1 utility against a file, it creates a unique identifier called hash. Any change to the file would result in a different hash, allowing you to know whether the file has been tampered with. You indeed need such a utility to check the downloaded file. This is also good to see there are no errors in the download, especially big files.

    Furthermore, to check the file real format, you may want to use the Windows port of the gnu utility called "file".

    You can read a bit here if you want:
    http://www.dedoimedo.com/computers/file_type.html

    Mrk
     
  4. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi all

    thanks for ya replys will look into them
     
  5. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  6. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I use HashOnClick freeware. http://www.2brightsparks.com/freeware/freeware-hub.html

    It integrates into the right click menu and makes use of Windows clipboard. You can copy the MD5, SHA1 or CRC32 text into the clipboard and then have HashOnClick calculate the hash on the file in question. If they match, you're good to go. (HashOnClick will always tell you if the calculated hash was found in the clipboard or not.)

    Because it uses the clipboard, you can also use it to calculate 2 files hashes in a row. If they match, you'll know they are the same version. (I use this once in a while to see if I already have the same version as the latest one available at websites.)
     
Loading...
Thread Status:
Not open for further replies.