Checksum
Sunday Jun 17, 2007
As everyone is quite aware, you can now freely download a ton of open source software off the Internet. Software downloading has become so popular that most Internet hosts can't keep up, so they mirror the software around the world. This raises the question: how do you know that the download you are getting is the one that the original author planned on you getting? Many mirrors are hosted at colleges. How do you know some adventurous student or group of students did not replace the download with a slightly modified version? One with some type of back door? Or even, on the less malicious front, how do you know that you got the download correctly and that some bits were not dropped?
The incredibly simple answer is checksums. Checksums are one of those very easy steps to take that most people seem to overlook. It takes mere seconds to run the checksum command, and it can save you hundreds of hours. I won't get up on my soapbox for too long, but I don't understand why people don't use them.
Next time you download a software package, look next to the download. There is almost always a long hexadecimal number labeled as a checksum. The author of the software package has run the checksum command on the file to generate the checksum. Once you have the file in hand, if you run the checksum command again, you should get the exact same number.
As an example I just downloaded Nevada 66. The checksum for the file is fc1acf54285ac6cc66b0797919261bec
From the command prompt, execute the checksum command on the file you downloaded.
md5sum sol-nv-b66-x86-dvd.iso
fc1acf54285ac6cc66b0797919261bec
Now I know that I have the exact bits that the author intended for me to have. No one fiddled with them, nothing was lost in the download and I can move forward with confidence!
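The comparison above can be scripted so that a mismatch fails loudly instead of depending on reading 32 hex digits by eye. This is an added example, not part of the original post; the function name verify_checksum and its exit codes are assumptions, and it goes beyond the post's md5sum by also accepting the SHA tools from the same family.

```shell
#!/bin/sh
# Added example: verify a downloaded file against a published checksum.
# Usage (values from the post):
#   verify_checksum sol-nv-b66-x86-dvd.iso fc1acf54285ac6cc66b0797919261bec
# Optional third argument: md5 (default), sha1, sha256 or sha512.
# Exit status: 0 = match, 1 = mismatch, 2 = bad input or unreadable file.

verify_checksum() {
    file=$1
    expected=$2
    algo=${3:-md5}

    # Map the algorithm to its tool and to the digest length in hex digits.
    case $algo in
        md5)    len=32 ;;
        sha1)   len=40 ;;
        sha256) len=64 ;;
        sha512) len=128 ;;
        *) echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    tool="${algo}sum"
    command -v "$tool" >/dev/null 2>&1 || { echo "$tool not found" >&2; return 2; }
    [ -f "$file" ] && [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }

    # Normalise the published value: drop stray whitespace, lowercase the hex.
    expected=$(printf '%s' "$expected" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    # A short or non-hex value usually means a bad copy/paste from the web page.
    if [ "${#expected}" -ne "$len" ] || printf '%s' "$expected" | grep -q '[^0-9a-f]'; then
        echo "expected value is not a $len-digit hex $algo digest" >&2
        return 2
    fi

    # The tool prints "<digest>  <name>"; keep only the digest.
    # Reading from stdin keeps odd file names out of the output.
    actual=$("$tool" < "$file" | cut -d' ' -f1) || return 2

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}
```

A truncated or altered download returns status 1, so the call can gate an install step with `verify_checksum ... && ...`.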











Posted by Mikael Gueck on June 17, 2007 at 03:08 PM PDT #
Posted by 75.36.150.162 on June 17, 2007 at 04:28 PM PDT #