tag:dreamwidth.org,2009-05-05:290754 slowfox slowfox 2009-12-16T08:26:17Z tag:dreamwidth.org,2009-05-05:290754:83181 2009-12-16T08:26:17Z 2009-12-16T08:26:17Z calm public 9 MD5 is a hashing algorithm that attempts to verify that a given file's integrity hasn't been compromised (during a download process, or in the process of being copied from A to B etc).<br /><br />Typically, you'll have a file reference given on a web-site and, somewhere else (this is important, more later), there'll be a long string of seemingly random characters called the MD5 Sum, or MD5 Hash or whatever:<br /><br /><tt>c59b048c992804d165aed10170f003dc</tt><br /><br />What happens is that the algorithm works through the source file, and maps the first element to something new, and then feeds that result into part of the computation for the second element, and then the result of <i>that</i> into the third element etc. When it reaches the end of the file, the whole result gets fed back into the algorithm again. And again, and again for a specified number of iterations (loops). The end result of these calculations boils down to the specific MD5 Sum for the file.<br /><br />I use <a href="http://www.nullriver.com/index/products/winmd5sum">WinMD5Sum</a> on the work PC:<br /><a href="http://www.flickr.com/photos/27479072@N07/4189902246/" title="md5screenshot by slowfox999, on Flickr"><img src="http://farm3.static.flickr.com/2753/4189902246_9a7d136536_o.jpg" width="426" height="196" alt="md5screenshot" /></a><br /><br />The idea behind MD5 hashing is that even tiny changes in the original file result in significant differences in the end MD5 hash.<br /><br />For example, I created a text file called <tt>hello.txt</tt>, which contained the phrase <tt>Hello, world.</tt>.<br /><br />The MD5 sum of this worked out to be <tt>45d2c2d506211d17f99a3eb8de863f36</tt><br /><br />By changing the <i>last</i> character to a comma - <tt>Hello, world,</tt> - the MD5 sum changed to <tt>c59b048c992804d165aed10170f003dc</tt>, immediately telling me that the file's changed from the original. <br /><br />An MD5 sum is <i>always</i> 32 characters long, yet can be generated for files of any size. Pretty obviously, then, there will be various different kinds of files that result in the same hash - these are known (with the industry's predictable fondness for dramatic vernacular) as 'collisions'. Nonetheless, the risk of collision is pretty small (if, for example, by repeatedly going through the MD5 hashing algorithm, all files eventually boiled down to a single value, it'd obviously be useless) - that said, boffins have managed, now, to successfully construct amended files that generate the same MD5 hash, but this requires a fair bit of work and an accommodating starting point. <br /><br />Anyway, the idea is that you see a file - <tt>exciting_prog.exe</tt> - on a website and download it. By using an MD5 checksum, you can verify (beyond reasonable doubt) that the file you've downloaded is the file that the website <i>intended</i> you to download.<br /><br />(which, by the way, is a loooooooooooooooooong way from saying it's safe).<br /><br />The <b>major</b> caveat should be obvious: the situation where the file's MD5 sum is listed in <i>the same directory as the file itself</i>. Consider: if nefarious malfeasants have managed to hack the server and place a malicious file in the benign one's place, then since they've clearly got access to the server, it'd be trivial for them to also replace the posted MD5 sum with the sum to match their own malicious file.<br /><br /><img src="https://www.dreamwidth.org/tools/commentcount?user=slowfox&ditemid=83181" width="30" height="12" alt="comment count unavailable" style="vertical-align: middle;"/> comments