I want to talk a little about MD5's, because every once in a while when downloading a file you might see something like:
MD5: DrunkenTwoYearOldTypingOnAKeyboard
So, let's do some explaining. MD5 is a fingerprint or "message digest" (the actual meaning of MD), AKA checksum, of a file. The MD5 algorithm was intended for digital signature applications, where a large file is "compressed" into a short digest before being encrypted with a private (or secret) key. The idea is that if a file has been tampered with, or the download was unsuccessful, you will get a different MD5 checksum than the one provided with the original. In short, MD5 is used to verify data's integrity. You can check out the MD5 Wiki HERE if you want more information.
Now, in this post we will look at verifying an MD5 checksum. This could be one that a friend provided you for a file or message, or (more commonly) one that was provided with a download. This is especially handy if you are like me and have a tendency to root your phones. It's also nice to verify an MD5 for most larger downloads. This can help to reveal any changes in the download, which could signify that the original file was tampered with, the download was incomplete, or someone is attempting a man-in-the-middle attack and has tampered with your download.
Let's get to verifying an MD5. This can be done a couple of ways, and we'll explore them all.
Using OpenSSL (works on anything with it installed)
This method can be done on any system with OpenSSL installed (so, Windows, Linux and Mac). Pull up a command prompt, or terminal. For you Windows folks, if you don't have OpenSSL registered in your environment variables, you will need to go to the OpenSSL install directory, specifically the "bin" folder. The other two guys (Linux and Mac) just need to open the terminal. Now, enter the following command:
openssl md5 FileName
You'll be given some output in the command prompt/terminal that should match the MD5 that was provided with the file/download.
The Windowz Way
So, Microsoft has this little utility called the File Checksum Integrity Verifier (FCIV) utility. This (at least with Windows 7) does not come pre-installed on your machine. However, Microsoft has a really nice KB article that goes over the download and install of the utility. This KB can be found HERE, or you can search for "Microsoft KB 841290" in your search engine of choice and the article will come up. Once FCIV has been installed, open a command prompt and enter the following:
FCIV -md5 -sha1 path\FileName
For example, checking a file in your Downloads folder:
FCIV -md5 -sha1 C:\Users\[UserName]\Downloads\FileName
Alternatively, I recently came across a handy little utility by Jem Berkes called "md5sums". More information about his program and its download can be found over at pc-tools.net (the direct link is HERE).
The basic instructions are as follows. Either open a command prompt and use the "cd" command to get to the directory of the file, or open File Explorer, navigate to the file and right-click to select "Open Command Window Here". Once you're at the location of the file, enter the following:
md5sums.exe C:\path\to\file.txt
Additionally, you could move the "md5sums.exe" file to C:\Windows. You would then be able to execute the command from any location. You could then open a command window in the target file's directory and simply execute:
md5sums file.txt
Linux
Most Linux distributions come with a command known as 'md5sum'. So, verifying an MD5 is as simple as pulling open a terminal, getting to the directory of your choice, and entering:
md5sum FileName
The OS X Way
OS X, like Linux, comes with a similar command. But because they like to be different, the command is simply 'md5'. So, on our MacBook, pull up a terminal (for those that have never used one, it can either be found by opening Finder > Utilities > Terminal or by doing the 4-finger pinch and searching for it), get to the directory of the file and enter:
md5 FileName
Whatever your method of choice is, if the MD5's don't match, then something fishy is going on... If you just want to play around with MD5, open your favorite text editor and save a blank document. Then (using your chosen method above) get the MD5 checksum. Then do some typing, save the file, and get the MD5 again. Ideally you should see a change in the checksum between the blank and changed document.
Thanks for taking the time to write this up. Very well done. Much appreciated. Cheers~
--
Sam Smith
Technology Evangelist and Aspiring Chef.
Large file transfers made easy.
www.innorix.com/en/DS