They are used to verify the integrity of files used for this also in computer forensics. Well, once downloaded on your PC, to verify that the file is intact free of transmission errors or voluntary tampering due to MITM attacks you just need to recalculate the hash locally and compare it with the string provided online. You can use CertUtil :. It is not possible to generate CRC32, however, for Windows there is also a very useful free program from Nirsoft ,.
HashMyFiles , downloadable from the relevant site, which allows the calculation from GUI also with this algorithm. For the CRC32 calculation of a file:. Otherwise you may be checking against hashes that have also been tampered with, giving you false confidence that your file is legitimate. This increases the risk even more, since there is a chance that you are not really connected to the website you think you are accessing.
Someone on the Internet or on your WiFi connection or network can substitute a fake website that seems to be at the correct address, but provide hashes for a tampered file. It does not mean that it is not infected with malware. Remember that anyone's computers can get infected, even the people from whom you are getting the file, resulting in the files they distribute being infected.
The hashes provided may have been generated unknowingly or even knowingly after those files were infected. You should always scan the file you obtain with an antivirus, and perhaps even upload it to one of the free online antivirus sites that scan using multiple antivirus programs.
Windows 7, 8, 8. Note that if you are intimidated by the thought of using a command-line program, and prefer to use a program sporting a graphical user interface, where you can just click buttons and the like, you will have to install a third party ie, non-Microsoft program. Although the latter is focused on MD5, some of the free tools it links to also support multiple types of hashes. I will not deal with such programs here, though, since it's outside the scope of this tutorial. Copy or move your file to somewhere where you can easily access it, such as your desktop.
If you are not familiar with working on the command line, copy or move the file to your desktop. This will help you with one of the steps below, since you can just use my instructions verbatim. Open a command line prompt.
To do this, click the Start menu button and type "cmd" without the quotation marks. The words "Command Prompt" should appear at the top of the menu. Click it to run it. The exact words will not be the same, since your Windows account name will probably be different from mine. Now navigate to the directory or folder where you have placed your file. If you have copied the file to your desktop as I suggested, type " cd desktop " without the quotation marks and hit the ENTER key.
Otherwise, change directory by typing " cd " followed by the full path. If the previous sentence does not make sense to you because it is filled with technical lingo , type " cd desktop " without the quotation marks, and followed by the ENTER key to go to your desktop, and copy your file to your desktop as I mentioned in the first step. You can verify that your file is indeed in your new location by typing " dir " without the quotation marks , followed by the ENTER key.
This will list all the files and folders in that directory. Change " filename. I admire you for wanting to figure this out with Windows commands, and there is a certain satisfaction to be had from that.
Unless the Mods have locked a question, I just hit the big blue Reply button to reply. Sometimes the forum is having a bad day and that doesn't work, but there's always tomorrow. Was this reply helpful? Checksums are usually used to assure a downloaded file or file gets all the metadata to complete the file.
Other than that, I would see no purpose for needing it. A checksum is used to ensure that a file copied from location A to location B copied accurately. It relies on the mathematical certainty that two otherwise identical files that differ by as little as a single bit will hash to different checksums.
For example, websites that offer large downloads will often publish the checksum of the file. After you download the file you can recompute the checksum and compare it to the original.
If the two match - voila! Another practical application: Image backup applications typically create a checksum for each backup. Since images might be moved from one storage drive to another, and every transfer introduces the possibility, however small, that the image will be corrupted, before restoring a backup I can recompute 'verify' the checksum to ensure that the image is still intact.
Microsoft used to publish the checksums for Windows ISOs but lately they've stopped doing that. No reason given of which I'm aware - it's a big secret. Thanks for accurately clarifying the purpose and use of checksums.
They're about ensuring the integrity of the contents of the file for security and practical purposes, and they're often used. I think Microsoft may not publish checksums for Windows files because it prefers the fsutil, which allegedly checks file integrity and restores accurate versions of corrupt files from the Windows cache.
But we never really know why it does anything. One method uses the command certutil in the command prompt window.
This thread is locked.
0コメント