I recently paved my main development workstation after it started misbehaving (slow start up, some applications not opening consistently etc) and am trying to be careful about what I install on it going forward.
Previously I had all manner of applications, games (including Steam) and utilities installed and the chances of finding what was causing the problems was pretty remote. There could of course be multiple culprits.
Today I needed to install MySQL Workbench so I headed off to download it and noticed the MD5 checksum beneath the link. Now, I don’t always check these and maybe this is why my workstation ended up in a bit of a mess. But with a view to keeping this system as clean as I can I decided to make a point going forward of checking these checksums when they are available.
The “problem” is which utility do you use to calculate the checksum of the downloaded file?
If you Google for ‘MD5 checker’ you will see a number of utilities and while I have no reason to doubt the integrity of any of these I stopped short of installing any of them.
Obviously each download was accompanied by it’s MD5 checksum so that I could verify the file but after freely installing all manner of utilities in the past I was a little bit wary this time around.
Now, MD5 is not a new thing and you would think that Windows 10 would have some form of utility built in that would calculate the hash – and there is. Apparently it is also available in Windows 7 but I no longer have any systems running Win7 so I cannot verify that.
Open a command prompt and enter the following:
CertUtil -hashfile <path to file> MD5
Depending on the size of the file it may take a few seconds to run the calculation but if successful the MD5 hash will be displayed as below.
It is also possible to generate checksums for other hash algorithms by replacing the MD5 parameter used above with any of the following (note that if you don’t specify a value then SHA1 is used by default):
- MD2
- MD4
- MD5
- SHA1
- SHA256
- SHA384
- SHA512
So, if all you need is to determine the checksum of a downloaded file then there really isn’t any reason to install yet another utility to do so.
Many thanks!!!
Thank You, This Saved Me A Great Lot Of Time.
It works! Thanks
Thanks a lot! Worked right off!
Cool! I knew there must be a simple solution to compute checksums in windows without any third party tools.
Thanks, it was a useful article! I’m glad Windows has a utility in their command line for this.
Thank you! This solved my md5sum problem!
Also, love the mug, where did you get it, if you don’t mind my asking.
Thanks again!
Glad you found the article useful – it’s difficult to keep up with what’s actually in Windows these days ;-).
As for the mug, it was a present but I think it’s similar to this one: https://www.amazon.co.uk/Personalised-Stand-Back-Ive-This/dp/B07MXFXLPH
Exactly Where I was coming from too – so thanks for this.
Perfect!
Great tip! Easy. No new utility to install.
Thank you!
If you’re reading this after 2005, note that md5 is now useless:
https://www.codeproject.com/Articles/11401/Good-Bye-MD5
Thanks for your comment, but while MD5 may not be secure I think calling it ‘useless’ is going a bit far.
The article you link to is essentially highlighting that MD5 is no longer secure and shouldn’t be used to store passwords – and I absolutely agree with that, but that’s not a point of my post.
Many sites offer downloads and provide an MD5 hash to enable users to verify what they downloaded hasn’t been tampered with. Yes, it’s not a bulletproof process, a hacker could in theory change both the file and the corresponding hash, but in that scenario all bets are off anyway! If an MD5 hash is provided then this is a simple way to check it against the downloaded file.
The built-in tool can also generate SHA256/384/512 hashes mentioned in the article you linked to – so there is value in knowing that you don’t have to install yet another third-party application to achieve this.
Thanks for the Windows’ tip!
That’s a “lifesaver” knowing that ‘Windows Server’ too has the ‘CertUtil’ applet built-in.
For example, the ISO of updates that I need to install there (i.e. Windows Server) has MD5/SHA1 values posted on the download site, but no clue as to where one might start, etc.
MD5 & SHA1 are still the winners in this situation, for obvious reasons, not useless at all.
Cheers!
Works fine. CertUtil followed by ‘diff HASH1 HASH2’ will let you easily compare the two hashes.