Windows 10 (and 7) Built-In MD5 Checksum Calculator

I recently paved my main development workstation after it started misbehaving (slow start up, some applications not opening consistently etc) and am trying to be careful about what I install on it going forward.

Previously I had all manner of applications, games (including Steam) and utilities installed and the chances of finding what was causing the problems was pretty remote. There could of course be multiple culprits.

Today I needed to install MySQL Workbench so I headed off to download it and noticed the MD5 checksum beneath the link. Now, I don’t always check these and maybe this is why my workstation ended up in a bit of a mess. But with a view to keeping this system as clean as I can I decided to make a point going forward of checking these checksums when they are available.

The “problem” is which utility do you use to calculate the checksum of the downloaded file?

If you Google for ‘MD5 checker’ you will see a number of utilities and while I have no reason to doubt the integrity of any of these I stopped short of installing any of them.

Obviously each download was accompanied by it’s MD5 checksum so that I could verify the file but after freely installing all manner of utilities in the past I was a little bit wary this time around.

Now, MD5 is not a new thing and you would think that Windows 10 would have some form of utility built in that would calculate the hash – and there is. Apparently it is also available in Windows 7 but I no longer have any systems running Win7 so I cannot verify that.

Open a command prompt and enter the following:

CertUtil -hashfile <path to file> MD5

Depending on the size of the file it may take a few seconds to run the calculation but if successful the MD5 hash will be displayed as below.

It is also possible to generate checksums for other hash algorithms by replacing the MD5 parameter used above with any of the following (note that if you don’t specify a value then SHA1 is used by default):

  • MD2
  • MD4
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512

So, if all you need is to determine the checksum of a downloaded file then there really isn’t any reason to install yet another utility to do so.

25 thoughts on “Windows 10 (and 7) Built-In MD5 Checksum Calculator”

    1. Thanks for your comment, but while MD5 may not be secure I think calling it ‘useless’ is going a bit far.

      The article you link to is essentially highlighting that MD5 is no longer secure and shouldn’t be used to store passwords – and I absolutely agree with that, but that’s not a point of my post.

      Many sites offer downloads and provide an MD5 hash to enable users to verify what they downloaded hasn’t been tampered with. Yes, it’s not a bulletproof process, a hacker could in theory change both the file and the corresponding hash, but in that scenario all bets are off anyway! If an MD5 hash is provided then this is a simple way to check it against the downloaded file.

      The built-in tool can also generate SHA256/384/512 hashes mentioned in the article you linked to – so there is value in knowing that you don’t have to install yet another third-party application to achieve this.

      Reply

  12. Thanks for the Windows’ tip!

    That’s a “lifesaver” knowing that ‘Windows Server’ too has the ‘CertUtil’ applet built-in.
    For example, the ISO of updates that I need to install there (i.e. Windows Server) has MD5/SHA1 values posted on the download site, but no clue as to where one might start, etc.

    MD5 & SHA1 are still the winners in this situation, for obvious reasons, not useless at all.

    Cheers!

    Reply

  15. I would agree with the fact that MD5 while having been broken, does not make it useless. Nothing is totally secure so security works on degrees of Risk. For your average download this is perfectly acceptable using MD5 “But” if your downloading Nuclear Codes, which I hope the average punter is not in the habit of doing, you might find this a little insecure of a consideration for MD5 and better routes to movement of that information would be a sound approach. Context is everything.. so if you are a bad actor target, a high degree of care and consideration are wise.. for us on the breadline with little to offer the bad actor except waste their time with low level banking and a handle on good password provision.. I believe we should consider our selves a little less special..

    Reply
  16. baalkikhaal – Bangalore, India – I am Ph.D student of Physics working in the field of spintronics investigating the current induced domain wall dynamics envisaging in high density magnetic memories.
    baalkikhaal says:

    How to create a field for MD5 as part of Context Menu when I press right click on the downloaded file?

    Reply

    1. Sorry – no idea. There maybe utilities out there that integrate with the Windows Explorer to achieve this but not something I’ve done myself.

      Reply

  17. But windows does not seem to have any tools to check checksums written to a file. I can not expect from my customer to compare manually two text files. Have a look on Linux “md5sums” and you will get an idea how it could work:
    md5sums -c file_with_sums
    File 1 : OK
    File 2: OK
    ..

    Reply

    1. True enough, but then Windows isn’t Linux and that wasn’t the point of post, which was that you didn’t need to install one third party tool to verify the integrity of another.

      I’ve used Linux enough in the past to be aware of md5sums and it’s usefulness – that was in part why I wondered whether I could perform MD5 checks natively in Windows.

      Sure, it’s not as flexible as the Linux offering (as is frequently the case) but it works for me.

      Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.