Jump to content
CCleaner Community Forums
Tom AZ

MD5 Checksum Question

Recommended Posts

I think it depends on its use. From what I've read then for file verification it's as good as you'll need. It's only when you have security or cryptographic considerations where you'd have cause for concern - both MD5 and SHA-1 have known vulnerabilities.

 

A coupe of decent wiki articles - http://en.wikipedia.org/wiki/MD5 and http://en.wikipedia.org/wiki/Md5sum.

 

Hashtab is a really good app that puts a file hashes tab on the file properties page. It has a wide range of algorithms available, and provides an easy comparison mechanism. http://beeblebrox.org/

Share this post


Link to post
Share on other sites

MD5 is reliable however there's also SHA in various bit depths for even more "security." Remember that Karen's tool we dicussed a while back that can produce the checksum?

 

I personally use MD5 to verify software downloads to make certain they match what a website states it is (such as PortableApps.com which lists all MD5's for their downloads), if they don't match or don't have a valid digital signature (VeriSign, Comodo, Microsoft, etc.,) I won't install the software as that can mean it's been tampered with or infected.

 

Edit:

I also use dsSFV, and DVDsig. Both use CRC32, whilst DVDsig is more suited for burning onto discs to later verify them. Both are available here. Note: Antivirus software detects a malware in the dsSFV setup file, so only download the "no-setup option" version.

Share this post


Link to post
Share on other sites

I do have that Karen's tool, Andavari. Where does CRC32 fit into all of this? When would you opt for CRC32 as opposed to MD5 or SHA?

Share this post


Link to post
Share on other sites
Where does CRC32 fit into all of this? When would you opt for CRC32 as opposed to MD5 or SHA?

They are all just different algorithms. If you think that effectively they are just checksums that use different calculations to derive the hash.

 

The one you tend to see very commonly for file hashing is MD5 (128 bit). SHA1 is more secure at 160 bit. CRC32 is shorter (32 bit?) and less secure. By 'secure' in this context I mean the likelihood of a collision; i.e. two different values producing the same hash.

 

With MD5 this is very unlikely to be a problem for a file hash. The chances of this happening with CRC32 must be greater, but possibly still not significant.

 

If you're using hashes to verify files you're downloading then you have to go with the hash you're given. If you go to filehippo and look at all of the versions there you will see MD5 hashes (on the 'Technical' tab). The thing with hashes is that they take time to calculate. So the more secure the hash algorithm, and the more or bigger the files you're hashing, the longer the time they'll take to compute. MD5 is an excellent compromise.

 

If you're using hashes on your own PC to see whether files have changed then the algorithm is less important. A few bytes difference in file versions will give you a different hash, no matter which algorithm you're using.

 

Karen's hasher is great for processing files en masse. The tab tool I mentioned is great for verifying a file download hash.

Share this post


Link to post
Share on other sites

Andavari, which hash checking program do you prefer using . . . Karen's "Hasher" or NirSoft's "Hash My Files?"

Share this post


Link to post
Share on other sites

...

Interesting topic considering i was right about to make a program that used these algorithms to verify itself

Share this post


Link to post
Share on other sites
Andavari, which hash checking program do you prefer using . . . Karen's "Hasher" or NirSoft's "Hash My Files?"

I use:

* SummerProperties (not portable, free)

* NirSoft HashMyFiles (fully portable, free)

* dsSFV (fully portable, free, only download the no setup version as detailed here)

* DVDsig (fully portable, free)

* DiamondCS MD5 (fully portable, free)

 

Edit:

Forgot to mention which one I prefer using.

 

Everyday use, in no particular order:

SummerProperties because it's conveniently in the right click area as a new tab.

dsSFV because I can put an SFV file with setup files, video files, etc.

DVDsig on CDs/DVDs to later verify them to make sure all files can be read - very important.

 

Rare use:

NirSoft HashMyFiles, I actually forget I have it installed most of the time.

 

Portable only use, I rarely if ever use it:

DiamondCS MD5

Share this post


Link to post
Share on other sites

SummerProperties sounds like the HashTab that I use (mentioned above). Check it out; it seems to be more recent and certainly has good range of available hashes.

 

DiamondCS looks good - I've downloaded that for a play.

Share this post


Link to post
Share on other sites
DiamondCS looks good - I've downloaded that for a play.

I keep that portable program on each and every one of my USB Thumb Drives, it comes in very handy!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...