Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

why are downloads sometimes tagged md5, sha1 and other hash indicators?

Tags:

hash

download

checksum

I've seen this all over the place:

Download here! SHA1 = 8e1ed2ce9e7e473d38a9dc7824a384a9ac34d7d0

What does it mean? How does a hash come into play as far as downloads and... What use can I make of it? Is this a legacy item where you used to have to verify some checksum after you downloaded the whole file?

like image 523
mauriciopastrana Avatar asked Aug 21 '08 17:08

mauriciopastrana

People also ask

What is SHA1 and MD5?

Both MD5 stands for Message Digest and SHA1 stands for Secure Hash Algorithm square measure the hashing algorithms wherever The speed of MD5 is fast in comparison of SHA1's speed. However, SHA1 provides more security than MD5.

Does MD5 protect against download errors?

An MD5 hash is a form of validation. If a single bit in the file is different, the provided hash will not match the one generated from the file you downloaded. This alerts you to an error in transmission or foul play (rare).

Is MD5 still good for checksum?

The MD5 hash function was originally designed for use as a secure cryptographic hash algorithm for authenticating digital signatures. But MD5 has been deprecated for uses other than as a noncryptographic checksum to verify data integrity and detect unintentional data corruption.

2 Answers

It's a security measure. It allows you to verify that the file you just downloaded is the one that the author posted to the site. Note that using hashes from the same website you're getting the files from is not especially secure. Often a good place to get them from is a mailing list announcement where a PGP-signed email contains the link to the file and the hash.

Since this answer has been ranked so highly compared to the others for some reason, I'm editing it to add the other major reason mentioned first by the other authors below, which is to verify the integrity of the file after transferring it over the network.

So:

  • Security - verify that the file that you downloaded was the one the author originally published
  • Integrity - verify that the file wasn't damaged during transmission over the network.
like image 66
jj33 Avatar answered May 30 '23 16:05

jj33

When downloading larger files, it's often useful to perform a checksum to ensure your download was successful and not mangled along transport. There's tons of freeware apps that can be used to gen the checksum for you to validate your download. This to me is an interesting mainstreaming of procedures that popular mp3 and warez sites used to use back in the day when distributing files.

like image 38
bakasan Avatar answered May 30 '23 14:05

bakasan
Sign in to Comment

Related questions

Ruby on Rails 3 .each do Problem
Is it possible to identify a hash type?
SHA1 hashing in SQLite: how?
What is the idiomatic way in Perl to determine whether a string variable matches a string in a list?
PHP - Hash contents of uploaded file
A data structure for a phone book such that it can search a number by name and also search a name by number
Whay is the most elegant way to turn a hash inside out?
How to correctly iterate through params
How to get min key value pair in hash
How do I convert XML into a hash in Rails?
Add a hash to an array?
get list of anagrams from a dictionary
map_values() for Ruby hashes?
PHP - Generate an 8 character hash from an integer
Does SHA256 favor integers?
Asp.net MVC - How to hash password
djb2 Hash Function
Ruby split String into two sections and put in hash with predefined keys
Using MD5 in symfony2 security.yml for legacy users
iterating hash collection

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!