MD5 Hast Verification

finsfree

Member
Every once in a while I will come across an application's MD5 Hash shown in the web page.

How would I use that MD5 Hash to verify that the app is real? Is there some kind of MD5 converter out there?

Example:
upload_2018-2-2_11-21-20.png
 

Attachments

  • upload_2018-2-2_11-20-46.png
    upload_2018-2-2_11-20-46.png
    141.6 KB · Views: 1

beers

Moderator
Staff member
You'd use a utility that can MD5 or SHA against the file you downloaded, it should match the value they list for the image. I'd try to use the strongest one they offer since things like MD5 are vulnerable to collision attacks, meaning you can have two distinctly different files with the same MD5 checksum. Something like SHA256/512 is more secure in that regard, but usually they provide the hash of the file so you both can see that it hasn't been modified as well as verify that the download is bit for bit as intended (ie, not corrupted while transferring or similar).

http://www.softpedia.com/get/Security/Security-Related/MD5-and-SHA-1-Checksum-Utility.shtml
 

finsfree

Member
Gotcha, like a thumb print.

Someone could run the hash of a Will before sending it out to make sure nobody alters it.
 

Agent Smith

Well-Known Member
I use HashCalc. http://www.slavasoft.com/hashcalc/

phpBB had their latest update altered and it was on the server for three hours. If people who downloaded it and didn't verify the hash, I pity them. No, not really... they are an imbecile.

Granted if the hash on the site is alerted to match the altered download, then you are SOL. That's why you separate both. I use Virus Total for most stuff I download as well.
 
Top