MD5 Checksum - what is and how to

I still cry over the day I bricked my brand new Samsung Galaxy S while installing a custom ROM on it. I wasn’t a noob at installing a custom ROM. But I was careless and that’s what caused the problem.

Talking about my carelessness, I downloaded the update file from a file hosting service as a free user using the default browser. I was so excited about flashing the new ROM that I didn’t realize that the download was interrupted in between, which caused a failed installation resulting in a bricked ROM.

For the rest of the time I kept cursing myself for not checking the MD5 checksum of the file before installing.

If you are wondering what’s MD5 checksum and how it could have helped me, read on.

md5sum is a computer program that calculates and verifies 128-bit MD5 hashes. The MD5 hash (or checksum) functions as a compact digital fingerprint of a file. As with all such hashing algorithms, there is theoretically an unlimited number of files that will have any given MD5 hash. However, it is very unlikely that any two non-identical files in the real world will have the same MD5 hash, unless they have been specifically created to have the same hash. The underlying MD5 algorithm is no longer deemed secure; thus, while md5sum is well-suited for e.g. identifying known files in situations that are not security related, it should not be relied on if there is a chance that files have been purposefully and maliciously tampered with.

Virtually any non-malicious change to a file will cause its MD5 hash to change; therefore md5sum is used to verify the integrity of files. Most commonly, md5sum is used to verify that a file has not changed as a result of a faulty file transfer, a disk error or non-malicious meddling. The md5sum program is installed by default in most Unix, Linux, and Unix-like operating systems or compatibility layers.

MD5, short for Message-Digest algorithm 5, is an algorithm used in the data security and cryptography fields. Don’t worry if you don’t understand all the cryptic topics mentioned above; we’ll jump to the point straightaway.

If I were to explain it in simple words, you can think of the MD5 checksum as an alphanumeric string that is associated with every single file. Just as you would not expect two human beings to have identical fingerprints, two different files (local, on the network or on the World Wide Web) will practically never end up with the same MD5 checksum by accident.

Now, just as matching a fingerprint lets us confirm the identity of an individual, matching the MD5 checksum lets us confirm that a file is an intact copy of the original. The best part is that you don’t need a forensic degree to do so. So let’s see how we can find the MD5 checksum for a given file.

CHECKING the MD5 Checksum

When you download critical files from the Internet - say an operating system or a new firmware for your smartphone - most of the websites supply the MD5 checksum in the download details to help you cross-check the file’s identity before proceeding to the installation.


We will use a simple freeware tool called MD5 Check to check the file. The tool is portable, so you can extract and run the executable file after your download. The tool’s interface is self-explanatory. There’s a browse button to select the file you want to know the MD5 for, a calculate button to calculate the checksum of that file, and finally two text boxes: the generated checksum appears in one, and in the other you can paste the checksum of the same file from a legit source to compare. That’s all; if both checksums match, you are good to go.

Alternatively, you can use apps from Google Play such as crypTo, Hash Droid, AFV... or you can check it with the md5sum function that’s included in busybox.

Open a terminal and type:

"busybox md5sum /sdcard/PG05IMG.zip" or "/system/xbin/busybox md5sum /sdcard/PG05IMG.zip" if for some reason the first one has a problem.

VERDICT

Prevention is always better than cure and in the case of MD5 checksum verification, it hardly takes seconds. So don’t regret later like I did after a corrupt file caused all kinds of problems for me. Check the MD5 Checksum to verify the downloads (whenever you can locate the original MD5 Checksum that is).

credits: Ashish Mundhra
edited by arawn
Nov 8, 2012