Checking MD5 SHA1 etc hashes to verify files
You may have noticed that websites are now offering “checksums” beside their downloads. The most common ones are MD5 and SHA1. What are these things you ask?
Well, they’re like digital fingerprints. Once you have a file ready to distribute you can run it through a hash generator to create its unique fingerprint. If even one character in the file is changed, you can find a huge difference
And that big difference is due to me changing JUST ONE “0” to a “1”. That’s it, otherwise, it was the same file.
There are many good programs to check your file’s digital finger print, but I use https://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility/ which I found through download.com. Download and install it or use your own checker.
So let’s run through the process of checking md5s/hashes.
I’ll be downloading Xampp for windows from Apache Friends.
You’ll see that when you mouse over the md5 and sha1 it will display the fingerprint value.
Select your download, click it and leave this page open.
Once it’s downloaded open up the checker.
Click browse and locate your downloaded file.
Your checker will automatically generate all the hashes like below.
At this point you can do one of two things.
You can either enter the correct hash in the bottom box or you can eyeball it.
Doing it the sure way
If you enter the hash in the box below and it matches you’ll get:
If it doesn’t match you’ll get a Hash Does not match! Error like below.
Now the second way is not as “secure” but it’s pretty dang close. Eyeballing it involves looking at the first 6ish numbers and the last 6ish numbers between the website and the checker. If both sets match, then you can be really sure that they are the same file. Because as I showed earlier, if even one number is changed the fingerprint is completely different.
That’s pretty much it.
What steps do you take to ensure that the files you download are the right files? Do you ever wonder if you’re going to download a virus when downloading?