What is the point of providing an MD5 or SHA1 hash along with a downloadable executable?

Question

What is the point of providing an MD5 or SHA1 hash along with a downloadable executable?

I thought they were there for security; to verify that the file has not been modified. But, of course, if someone is able to modify the file, then they can also modify the page using a hash!

What security does he really offer?

+3

security hash md5 sha1

Matthew Dec 22 '09 at 10:43

source share

7 answers

, .

. apache.org , . . MD5: apache.org, .

+4

Vilmantas Baranauskas 22 . '09 12:04

. , , , , .

+2

Alan Haggai Alavi 22 . '09 10:48

, .
, , , , CD/DVD, , , , .

+2

gameover 22 . '09 10:49

MD5 , , ISO Linux.

0

zpon 22 . '09 10:48

, MD5 SHA1 . MAC HMAC. .

0

Tower 23 . '09 11:44

the right way to do this is to provide hashes on a web server that lists all the files and their hashes. the connection to the server must be behind SSL / TLS to ensure that the server is the correct server and not an imposter.

in short - save hashes out of band from files.

0

Michael Howard-MSFT Apr 15 '10 at 15:18

source share

nitzmahone · Accepted Answer · 2009-12-22T10:50:30+0000

They are usually there to ensure a complete and correct download.

, : , . "" , "" , , , .

What is the point of providing an MD5 or SHA1 hash along with a downloadable executable?

More articles: