Verify What you Download by Calculating MD5 Sums in Windows

Written by Mark Sanborn: Jan 8, 2008

Ever downloaded something that has a weird 32 digit number/letter combination next to the download link? Or a link called md5? These numbers are a sum of the programs bits using the md5 algorithm. What the md5 algorithm does is make calculations based on the bits that make up the program. If one bit is in the wrong place altered or changed in the program the resulting md5 number/letter combination, also known as a hash, will return a completely different combination. It is kind of like a fractal. If you add or subtract the tiniest amount of data the entire result is thrown off completely.

So why is this important? What the md5 algorithm allows programmers to do is give their users or downloaders of their software the guarantee that the downloaded file is delivered exactly as intended. It like comparing the DNA of the program to the original. The author is saying hey, here is the program’s “DNA”, da1e100dc9e7bebb810985e37875de38. Now when you calculate the md5 hash of the authors program, you can compare the “DNA” of the program and verify that it is an exact match. This proves that you have received the program that the author has intended to give you. What this means is that you can be certain that the program that you have downloaded does not contain extra information, like a virus, trojan, or rootkit that is attached to the original file.

Users of linux have used md5 to verify their programs for years with one simple command:

md5 filename

But for windows users it is a little bit more difficult since it is not installed with windows by default.

Making Windows Calculate Md5 Hashes

First you will need to download an md5 hashing program.

Now once you have the md5 program you can now calculate hashes with the windows command line but it is not very convenient for you point and click windows users.

To make it easier to calculate md5sums you should copy md5sums.exe to c:/windows/system32. This way you can calculate md5 hashes using the run command. To further make it easy to calculate md5sums create a shortcut in “c:/Documents and Settings/username/SendTo”. Called md5sums. Have the shortcut point to “c:/windows/system32/md5sums.exe -p”.

Now any time you want to calculate the md5 hash of a download just right click on the file choose send to > md5sums.exe.

Do you use md5 sums when you download files?

Need to print shipping labels on your site?

Checkout my product RocketShipIt for simple easy-to-use developer tools for UPS™ FedEx™ USPS™ and more.