Saturday, 14 January 2017

Using MD5

In this era of information, we are constantly downloading softwares, updates, new releases/versions, etc, and the sizes of these packages also have increased dramatically of late. To check if the downloaded software is complete, most sites now use MD5 algorithm that produces a 128-bit hash value. It can be used to verify the data intergrity of any downloaded software

The modus operandi is quite simple. After the software is downloaded, you run the MD5 program on your computer to generate the 128-bit hash value. If that compares with the one mentioned in the site from where the software is downloaded, then, the downloaded software is complete.

As an example, I recently downloaded R software, R-3.3.2-win.exe, from here. The true fingerprint of this package is given on the site as b2a206741bec6e837513c9929ea0c5d9. To compute the MD5 for the downloaded R software, we can use CertUtility as mentioned here.

The command is shown below:




 This matches the fingerprint on the R download site. So, the data integrity of the downloaded software has been maintained