Friday, March 21, 2008

How to MD5

The program md5sum is designed to verify data integrity using the MD5 (Message-Digest algorithm 5) 128-bit cryptographic hash. MD5 hashes used properly can confirm both file integrity and authenticity.
In terms of integrity, an MD5 hash comparison detects changes in files that would cause errors. The possibility of changes (errors) is proportional to the size of the file; the possibility of errors increase as the file becomes larger. It is a very good idea to run an MD5 hash comparison check when you have a file like an operating system install CD that has to be 100% correct.
In terms of security, cryptographic hashes such as MD5 allow for authentication of data obtained from insecure mirrors. The MD5 hash must come from a secure source (an HTTPS page) of an organization you trust. While security flaws in the MD5 algorithm have been uncovered, MD5 hashes are generally sufficient for casual use. Please refer to the secure UbuntuHashes page for the official list of Ubuntu MD5 hashes.

MD5SUM on Linux
Most Linux distributions come with the md5sum utility so installation is usually unnecessary. We are going to use the Ubuntu 6.10 Desktop install CD for the following example:
First go to the correct directory to check a downloaded iso file
#cd download_directory
Then run the following command from within the download directory.
#md5sum ubuntu-6.10-desktop-i386.iso
The md5sum should print out a single line after calculating the hash:
b950a4d7cf3151e5f213843e2ad77fe3 ubuntu-6.10-desktop-i386.iso
Compare the hash (the alphanumeric string on left) that your machine calculated with the corresponding hash on the UbuntuHashes page. When both hashes match exactly then the downloaded file is almost certainly intact. If the hashes do not match, then there was a problem with either the download or a problem with the server. You should download the file again from either the same mirror, or from a different mirror if you suspect a server error. If you continuously receive an erroneous file from a server, please be kind and notify the webmaster of that mirror so they can investigate the issue.

No comments: