MD5 Hast Verification

Discussion in 'Computer Security' started by finsfree, Feb 2, 2018.

  1. finsfree

    finsfree Member

    Messages:
    260
    Every once in a while I will come across an application's MD5 Hash shown in the web page.

    How would I use that MD5 Hash to verify that the app is real? Is there some kind of MD5 converter out there?

    Example:
    upload_2018-2-2_11-21-20.png
     

    Attached Files:

  2. beers

    beers Moderator Staff Member

    Messages:
    7,936
    You'd use a utility that can MD5 or SHA against the file you downloaded, it should match the value they list for the image. I'd try to use the strongest one they offer since things like MD5 are vulnerable to collision attacks, meaning you can have two distinctly different files with the same MD5 checksum. Something like SHA256/512 is more secure in that regard, but usually they provide the hash of the file so you both can see that it hasn't been modified as well as verify that the download is bit for bit as intended (ie, not corrupted while transferring or similar).

    http://www.softpedia.com/get/Security/Security-Related/MD5-and-SHA-1-Checksum-Utility.shtml
     
  3. finsfree

    finsfree Member

    Messages:
    260
    Gotcha, like a thumb print.

    Someone could run the hash of a Will before sending it out to make sure nobody alters it.
     
  4. Agent Smith

    Agent Smith Well-Known Member

    Messages:
    3,173
    I use HashCalc. http://www.slavasoft.com/hashcalc/

    phpBB had their latest update altered and it was on the server for three hours. If people who downloaded it and didn't verify the hash, I pity them. No, not really... they are an imbecile.

    Granted if the hash on the site is alerted to match the altered download, then you are SOL. That's why you separate both. I use Virus Total for most stuff I download as well.
     

Share This Page