CheckSumPro

Checksum Hash MD5, SHA-1, SHA-256, SHA-384, SHA-512

When you download a file from the internet, quite often you cannot be 100% guaranteed that the file has not been changed in some way from the original. This could either be by the site you are downloading from, corruption due to errors in the download process, an individual who has uploaded the file for you, or possibly the most dangerous, the file has been infected by malicious software.

Category:

Description

Checksum Hash MD5, SHA-1, SHA-256, SHA-384, SHA-512

When you download a file from the internet, quite often you cannot be 100% guaranteed that the file has not been changed in some way from the original. This could either be by the site you are downloading from, corruption due to errors in the download process, an individual who has uploaded the file for you, or possibly the most dangerous, the file has been infected by malicious software.

One of the ways you can identify whether a file has been changed from its original state is to check its digital signature if it has one. Or you can check the file integrity by looking at the hash value. Put simply, every file has unique data contained in it, and when you apply a certain algorithm called a “cryptographic hash function” to it, a string value is returned which is only valid for that file in the current state. If any piece of data in the file is changed, even 1 byte, and you apply the algorithm again, the value given this time will be different to the first value. And with that information you can see if the file is not the same before trying to use it.

So if you have something like an MD5 or SHA1 hash value from a website and want to check the integrity of the file you have downloaded, what do you do? What is needed is a utility to calculate a hash value using the same algorithm. This is what done ChecksumVerify App, calculate a hash value.

Hmac MD5, SHA-1, SHA-256, SHA-384, SHA-512

A Hash-based Message Authentication Code (HMAC) can be used to determine whether a message sent over an insecure channel has been tampered with, provided that the sender and receiver share a secret key. The sender computes the hash value for the original data and sends both the original data and the HMAC as a single message. The receiver recomputes the hash value on the received message and checks that the computed hash value matches the transmitted hash value.

Any change to the data or the hash value results in a mismatch, because knowledge of the secret key is required to change the message and reproduce the correct hash value. Therefore, if the original and computed hash values match, the message is authenticated.

Due to collision problems with MD5 and SHA-1, Microsoft recommends a security model based on SHA-256 or better.

Related products