Checking MD5 SHA1 etc hashes to verify files
You may have noticed that websites are now offering “checksums” beside their downloads. The most common ones are MD5 and SHA1. What are these things you ask?
Well, they’re like digital fingerprints. Once you have a file ready to distribute you can run it through a hash generator to create its unique fingerprint. If even one character in the file is changed, you can find a huge difference
For example
04D4E66B9FD990E83E5E0BBB558A5167
compared to
50066833A0A6B4369D1CD5A9A4F3542D
And that big difference is due to me changing JUST ONE “0” to a “1”. That’s it, otherwise, it was the same file.
There are many good programs to check your file’s digital finger print, but I use https://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility/ which I found through download.com. Download and install it or use your own checker.
So let’s run through the process of checking md5s/hashes.
I’ll be downloading Xampp for windows from Apache Friends.
You’ll see that when you mouse over the md5 and sha1 it will display the fingerprint value.
Select your download, click it and leave this page open.
Once it’s downloaded open up the checker.
Click browse and locate your downloaded file.
Your checker will automatically generate all the hashes like below.
At this point you can do one of two things.
You can either enter the correct hash in the bottom box or you can eyeball it.
Doing it the sure way
If you enter the hash in the box below and it matches you’ll get:
If it doesn’t match you’ll get a Hash Does not match! Error like below.
Eyeballing it
Now the second way is not as “secure” but it’s pretty dang close. Eyeballing it involves looking at the first 6ish numbers and the last 6ish numbers between the website and the checker. If both sets match, then you can be really sure that they are the same file. Because as I showed earlier, if even one number is changed the fingerprint is completely different.
That’s pretty much it.
What steps do you take to ensure that the files you download are the right files? Do you ever wonder if you’re going to download a virus when downloading?
[…] want to do is download XAMPP from https://www.apachefriends.org/download.html. I recommend that you check your MD5s and SHA1s, and if you don’t know how to do that, I made a post on it. If you’re going to use my post, I recommend doing it the secure way not the eyeballing way. As […]
[…] It should then start downloading. Once downloaded, check your checksums to verify the file. […]