Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

why are downloads sometimes tagged md5, sha1 and other hash indicators?

I've seen this all over the place:

Download here! SHA1 = 8e1ed2ce9e7e473d38a9dc7824a384a9ac34d7d0

What does it mean? How does a hash come into play as far as downloads and... What use can I make of it? Is this a legacy item where you used to have to verify some checksum after you downloaded the whole file?

like image 523
mauriciopastrana Avatar asked Aug 21 '08 17:08

mauriciopastrana


People also ask

What is SHA1 and MD5?

Both MD5 stands for Message Digest and SHA1 stands for Secure Hash Algorithm square measure the hashing algorithms wherever The speed of MD5 is fast in comparison of SHA1's speed. However, SHA1 provides more security than MD5.

Does MD5 protect against download errors?

An MD5 hash is a form of validation. If a single bit in the file is different, the provided hash will not match the one generated from the file you downloaded. This alerts you to an error in transmission or foul play (rare).

Is MD5 still good for checksum?

The MD5 hash function was originally designed for use as a secure cryptographic hash algorithm for authenticating digital signatures. But MD5 has been deprecated for uses other than as a noncryptographic checksum to verify data integrity and detect unintentional data corruption.


2 Answers

It's a security measure. It allows you to verify that the file you just downloaded is the one that the author posted to the site. Note that using hashes from the same website you're getting the files from is not especially secure. Often a good place to get them from is a mailing list announcement where a PGP-signed email contains the link to the file and the hash.

Since this answer has been ranked so highly compared to the others for some reason, I'm editing it to add the other major reason mentioned first by the other authors below, which is to verify the integrity of the file after transferring it over the network.

So:

  • Security - verify that the file that you downloaded was the one the author originally published
  • Integrity - verify that the file wasn't damaged during transmission over the network.
like image 66
jj33 Avatar answered May 30 '23 16:05

jj33


When downloading larger files, it's often useful to perform a checksum to ensure your download was successful and not mangled along transport. There's tons of freeware apps that can be used to gen the checksum for you to validate your download. This to me is an interesting mainstreaming of procedures that popular mp3 and warez sites used to use back in the day when distributing files.

like image 38
bakasan Avatar answered May 30 '23 14:05

bakasan