Author Topic: Link broken to md5 checking tool in the site  (Read 2571 times)

MCM

  • Wayfarer
  • *
  • Posts: 1
    • View Profile
Link broken to md5 checking tool in the site
« on: April 29, 2023, 06:36:34 am »
I have troubles with my internet line, and wanted to verify the package I downloaded. I tried to click on your :
"Tip: You can check if the file you downloaded is exactly the same as the one we have here downloading this tool.", which is located just under the Windows client downloading lines, in the download page of the site planeshift.it.
This leads to a 404 page, and no tool to check the md5 sum is available here.

Talad

  • Administrator
  • Hydlaa Notable
  • *
  • Posts: 799
    • View Profile
Re: Link broken to md5 checking tool in the site
« Reply #1 on: May 01, 2023, 05:57:10 am »
Hi, I updated the page now! Thanks for the notice.

Seytra

  • Forum Addict
  • *
  • Posts: 2049
  • No system can compensate lack of common sense.
    • View Profile
Re: Link broken to md5 checking tool in the site
« Reply #2 on: September 17, 2023, 03:07:24 pm »
Even Windows has an integrated MD5 (or SHA for the matter) tool, it's just hidden inside a multi-tool binary: certutil.
Usage: certutil -hashfile <file> MD5
Where "MD5" is the algorithm to use (it uses SHA1 by default, so don't forget to append that). "<file>" is the full path name of the file to be checked.

Example:
certutil -hashfile "e:\PSUnreal-Windows-0.7.36.zip" MD5

It doesn't seem to be able to check against a supplied sum, so you have to compare the output manually. For anything other than maliciously modified files, looking at the first and last three bytes suffices and speeds things up a lot. To effectively combat maliciousness you really can't use MD5 in the first place, SHA256 would be minimum (better SHA512) because MD5 is prone to collision attacks.
Also, you would have to provide the checksum via a different method / website than the corresponding file, because if an attacker can modify the webpage to change the provided binary or the link to it, then it's trivial to modify the checksum to match that.
« Last Edit: September 17, 2023, 03:53:44 pm by Seytra »