Jump to content

MD5 Checksum Question

Tom AZ

Recommended Posts

I think it depends on its use. From what I've read then for file verification it's as good as you'll need. It's only when you have security or cryptographic considerations where you'd have cause for concern - both MD5 and SHA-1 have known vulnerabilities.


A coupe of decent wiki articles - http://en.wikipedia.org/wiki/MD5 and http://en.wikipedia.org/wiki/Md5sum.


Hashtab is a really good app that puts a file hashes tab on the file properties page. It has a wide range of algorithms available, and provides an easy comparison mechanism. http://beeblebrox.org/

Link to comment
Share on other sites

  • Moderators

MD5 is reliable however there's also SHA in various bit depths for even more "security." Remember that Karen's tool we dicussed a while back that can produce the checksum?


I personally use MD5 to verify software downloads to make certain they match what a website states it is (such as PortableApps.com which lists all MD5's for their downloads), if they don't match or don't have a valid digital signature (VeriSign, Comodo, Microsoft, etc.,) I won't install the software as that can mean it's been tampered with or infected.



I also use dsSFV, and DVDsig. Both use CRC32, whilst DVDsig is more suited for burning onto discs to later verify them. Both are available here. Note: Antivirus software detects a malware in the dsSFV setup file, so only download the "no-setup option" version.

Link to comment
Share on other sites

Where does CRC32 fit into all of this? When would you opt for CRC32 as opposed to MD5 or SHA?

They are all just different algorithms. If you think that effectively they are just checksums that use different calculations to derive the hash.


The one you tend to see very commonly for file hashing is MD5 (128 bit). SHA1 is more secure at 160 bit. CRC32 is shorter (32 bit?) and less secure. By 'secure' in this context I mean the likelihood of a collision; i.e. two different values producing the same hash.


With MD5 this is very unlikely to be a problem for a file hash. The chances of this happening with CRC32 must be greater, but possibly still not significant.


If you're using hashes to verify files you're downloading then you have to go with the hash you're given. If you go to filehippo and look at all of the versions there you will see MD5 hashes (on the 'Technical' tab). The thing with hashes is that they take time to calculate. So the more secure the hash algorithm, and the more or bigger the files you're hashing, the longer the time they'll take to compute. MD5 is an excellent compromise.


If you're using hashes on your own PC to see whether files have changed then the algorithm is less important. A few bytes difference in file versions will give you a different hash, no matter which algorithm you're using.


Karen's hasher is great for processing files en masse. The tab tool I mentioned is great for verifying a file download hash.

Link to comment
Share on other sites

  • Moderators
Andavari, which hash checking program do you prefer using . . . Karen's "Hasher" or NirSoft's "Hash My Files?"

I use:

* SummerProperties (not portable, free)

* NirSoft HashMyFiles (fully portable, free)

* dsSFV (fully portable, free, only download the no setup version as detailed here)

* DVDsig (fully portable, free)

* DiamondCS MD5 (fully portable, free)



Forgot to mention which one I prefer using.


Everyday use, in no particular order:

SummerProperties because it's conveniently in the right click area as a new tab.

dsSFV because I can put an SFV file with setup files, video files, etc.

DVDsig on CDs/DVDs to later verify them to make sure all files can be read - very important.


Rare use:

NirSoft HashMyFiles, I actually forget I have it installed most of the time.


Portable only use, I rarely if ever use it:

DiamondCS MD5

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.