fluff: about MD5/SHA-1

What's this MD5/SHA-1 stuff?

MD5 and SHA-1 are "message digest" algorithms. Think of them as being methods of generating a "fingerprint" for a file. (These "fingerprints" are frequently referred to as "checksums" which is the term used in this document.) The MD5 algorithm is described in RFC1321 - The MD5 Message-Digest Algorithm, and SHA-1 in FIPS 180-2: Secure Hash Standard (SHS).

Why are MD5 and SHA-1 checksums useful?

The principal benefits for us are that MD5 and SHA-1 checksums are easy to calculate, and that it's very difficult to find two different inputs that generate the same checksum. (There are 2128 or 340,282,366,920,938,463,463,374,607,431,768,211,456 different possible checksums for MD5, and 2160 (4 billion times as many) for SHA-1.) This means that if two files have the same checksum, you can be virtually certain they're identical files.

So what's the benefit for us?

It can make it easy to check whether or not the file you've uploaded reached the server unchanged. It also works for the person downloading the file. If they check the MD5 or SHA-1 checksum of the file they've downloaded against the version the server is showing, they can be sure the file reached them unchanged.

Do I really need to do this?

Probably not; it's just there in case you do need it. It's really provided to help with troubleshooting.

How I can I check the MD5 checksum of the file I uploaded?

You need an MD5 program for your computer:

Windows: md5sum (program file, 9 KB), (zipped program file, 3.49 KB). Note that this is a command-line tool and needs to be run from a command prompt.

Linux: your system should have a program called md5sum already installed.

Macintosh: OS X systems include a command-line md5 program called md5.

Once you have an MD5 program, you just need to point it at your file. The Windows and Linux programs mentioned above run at a command prompt; for example:

Windows example:

C:\>c:\temp\md5sum c:\temp\document.doc
MD5 (c:\temp\document.doc) = 9609b654ffcbdffa45c24fbea0a58ad1

Linux example:

[ccmpr@cufs1 ccmpr]$ md5sum document.doc
9609b654ffcbdffa45c24fbea0a58ad1 document.doc

How I can I check the SHA-1 checksum of the file I uploaded?

You need an SHA-1 program for your computer:

Linux: your system should have a program called sha1sum already installed.

Once you have an SHA-1 program, you just need to point it at your file. The Linux program mentioned above runs at a command prompt; for example:

Linux example:

[ccmpr@cufs1 ccmpr]$ sha1sum document.doc
89f5cce549956c5be7ad122cd40a05865d093adc document.doc