I recently paved my main development workstation after it started misbehaving (slow start up, some applications not opening consistently etc) and am trying to be careful about what I install on it going forward.
Previously I had all manner of applications, games (including Steam) and utilities installed and the chances of finding what was causing the problems was pretty remote. There could of course be multiple culprits.
Today I needed to install MySQL Workbench so I headed off to download it and noticed the MD5 checksum beneath the link. Now, I don’t always check these and maybe this is why my workstation ended up in a bit of a mess. But with a view to keeping this system as clean as I can I decided to make a point going forward of checking these checksums when they are available.
The “problem” is which utility do you use to calculate the checksum of the downloaded file?
If you Google for ‘MD5 checker’ you will see a number of utilities and while I have no reason to doubt the integrity of any of these I stopped short of installing any of them.
Obviously each download was accompanied by it’s MD5 checksum so that I could verify the file but after freely installing all manner of utilities in the past I was a little bit wary this time around.
Now, MD5 is not a new thing and you would think that Windows 10 would have some form of utility built in that would calculate the hash – and there is. Apparently it is also available in Windows 7 but I no longer have any systems running Win7 so I cannot verify that.
Open a command prompt and enter the following:
CertUtil -hashfile <path to file> MD5
Depending on the size of the file it may take a few seconds to run the calculation but if successful the MD5 hash will be displayed as below.
It is also possible to generate checksums for other hash algorithms by replacing the MD5 parameter used above with any of the following (note that if you don’t specify a value then SHA1 is used by default):
- MD2
- MD4
- MD5
- SHA1
- SHA256
- SHA384
- SHA512
So, if all you need is to determine the checksum of a downloaded file then there really isn’t any reason to install yet another utility to do so.
Many thanks!!!
Thank You, This Saved Me A Great Lot Of Time.
It works! Thanks
Thanks a lot! Worked right off!
Cool! I knew there must be a simple solution to compute checksums in windows without any third party tools.
Thanks, it was a useful article! I’m glad Windows has a utility in their command line for this.
Thank you! This solved my md5sum problem!
Also, love the mug, where did you get it, if you don’t mind my asking.
Thanks again!
Glad you found the article useful – it’s difficult to keep up with what’s actually in Windows these days ;-).
As for the mug, it was a present but I think it’s similar to this one: https://www.amazon.co.uk/Personalised-Stand-Back-Ive-This/dp/B07MXFXLPH
Exactly Where I was coming from too – so thanks for this.
Perfect!
Great tip! Easy. No new utility to install.
Thank you!
If you’re reading this after 2005, note that md5 is now useless:
https://www.codeproject.com/Articles/11401/Good-Bye-MD5
Thanks for your comment, but while MD5 may not be secure I think calling it ‘useless’ is going a bit far.
The article you link to is essentially highlighting that MD5 is no longer secure and shouldn’t be used to store passwords – and I absolutely agree with that, but that’s not a point of my post.
Many sites offer downloads and provide an MD5 hash to enable users to verify what they downloaded hasn’t been tampered with. Yes, it’s not a bulletproof process, a hacker could in theory change both the file and the corresponding hash, but in that scenario all bets are off anyway! If an MD5 hash is provided then this is a simple way to check it against the downloaded file.
The built-in tool can also generate SHA256/384/512 hashes mentioned in the article you linked to – so there is value in knowing that you don’t have to install yet another third-party application to achieve this.
Thanks for the Windows’ tip!
That’s a “lifesaver” knowing that ‘Windows Server’ too has the ‘CertUtil’ applet built-in.
For example, the ISO of updates that I need to install there (i.e. Windows Server) has MD5/SHA1 values posted on the download site, but no clue as to where one might start, etc.
MD5 & SHA1 are still the winners in this situation, for obvious reasons, not useless at all.
Cheers!
Works fine. CertUtil followed by ‘diff HASH1 HASH2’ will let you easily compare the two hashes.
Thanks for the information. It works like a charm
I would agree with the fact that MD5 while having been broken, does not make it useless. Nothing is totally secure so security works on degrees of Risk. For your average download this is perfectly acceptable using MD5 “But” if your downloading Nuclear Codes, which I hope the average punter is not in the habit of doing, you might find this a little insecure of a consideration for MD5 and better routes to movement of that information would be a sound approach. Context is everything.. so if you are a bad actor target, a high degree of care and consideration are wise.. for us on the breadline with little to offer the bad actor except waste their time with low level banking and a handle on good password provision.. I believe we should consider our selves a little less special..
How to create a field for MD5 as part of Context Menu when I press right click on the downloaded file?
Sorry – no idea. There maybe utilities out there that integrate with the Windows Explorer to achieve this but not something I’ve done myself.
But windows does not seem to have any tools to check checksums written to a file. I can not expect from my customer to compare manually two text files. Have a look on Linux “md5sums” and you will get an idea how it could work:
md5sums -c file_with_sums
File 1 : OK
File 2: OK
..
True enough, but then Windows isn’t Linux and that wasn’t the point of post, which was that you didn’t need to install one third party tool to verify the integrity of another.
I’ve used Linux enough in the past to be aware of md5sums and it’s usefulness – that was in part why I wondered whether I could perform MD5 checks natively in Windows.
Sure, it’s not as flexible as the Linux offering (as is frequently the case) but it works for me.
Thanks a lot!