How do you manage your hash in win 7?

I was wondering what tools and techniques the Wilders community uses with checksums and hashes on files they download.

There must be some favored methods that improve the time and ease of verifying what you are downloading, rather than simply looking at the checksums and saying "looks good".

I have always used the hash tab in XP, but now am wondering on win7 what others are using.

Sul.

 

Re: How do you manage your hash?

Using HashTab as well on Windows 7 64-bit.

 

Re: How do you manage your hash?

Hi Sully,

I'm wondering whether it would be a good idea to add in your thread title the words "on Win 7". So the title would be:
"How do you manage your hash on Win 7 ?"

 

Re: How do you manage your hash?

Good point. Unfortunately it did not seem to take.

Thanks though.

Sul.

 

I tend to use digital signatures as a trust source rather than hashes. I don't tend to install much non-signed software. In such a case it's usually alpha software from a trusted repository.

 

Thank you.

Sul.

 

How much do you find is non-signed? What is your recourse if you find a non-signed software you wish to try? Do you even bother with md5 or other checksum, or do you just install it (vmware or whatever safe method you might use) ?

Isn't there a way at all in any of the browsers or managers that will show you the hash after download so that you can compare right away instead of having to use other tools?

Sul.

 

Thanks Sully and Ron for changing the thread title; I suggested it because I thought that was what Sully was asking for
I will follow this thread with interest in case I might migrate to Win 7.

(On XP I have several tools (both free and not-free) to do this; but mostly I use my much beloved old CryptoSuite.)

I am wondering whether DigestIt2004 works on Win 7.
Anyone up for testing it on Win 7?
http://www.colonywest.us/index.php?option=com_content&view=article&id=46&Itemid=56

 

I use hashtab and FileVerifier++.

Panagiotis

 

I use these same two, and also sometimes check a hash at http://fileadvisor.bit9.com/services/search.aspx.

 

None. Do I need to check the file hash on downloads I already trust?

 

Unless your crypto embedded super computer brain can do a binary comparison by simply looking at the file once you download it, umm, maybe?

I have always thought it as a bit of a hassle to view the checksum online and then open hashtab to compare. Sometimes I do, sometimes I don't, and as you elude to, it depends just how much I think I can trust the source.

I am curious if there is a method available that makes it convenient so that I am encouraged to always check the sums.

Sul.

 

I'm also interested in finding a good MD5/SHA verifier for 7.
My old XP solutions don't work on 7 yet, at least not the last time I checked.

 

I guess I always thought of it as a waste of time checking it. After all, I've never been burned once obtaining a file from a source I trust. Have I just fluked out all these years?

 

It can be a pain, for sure. But look how many applications now come with one. It is the attempt by the makers to ensure what you get is what they made, not something slipped with trojans etc. Not using it, well, obviously we can all atest to usually nothing goes wrong. But if you could use it conveniently, how much more could it become, especially to help those who can't just download and install without issues.

Sul.

 

Firefox extension DownThemAll has a field in which one can paste a hash as a download is started. DownThemAll checks the hash when the download has completed, and alerts the user to a mismatch.

 

Can the hosted download be compromised? Yes. Can the published hash be maliciously modified? Yes, so I would preferably check with trusted online databases as well.

But I don't know what is the best tool to check hashes on Windows 7 - I don't waste my time with this boring practice. If I did, I would see myself as a paranoid, because I already maintain a very small set of selected software installed, to avoid vulnerabilities and other problems and, usually, I don't download alpha/beta software, neither new unknown software and I prefer to always download from the developer page when possible.