+371 2952 9939

MD5 checksum of a file is important

October 12, 2019

What is md5 checksum?

MD5 checksum is a 32-character hexadecimal number that is computed on a file. For normal end user it will look like a long randomized character string. For example: 7d04c9392273e0b742e95a8ebdac515b

Why is important to compare md5 hash of downloaded file with provided on website from where file was downloaded?

For these may be a several reasons:

First, file creators can put their file on the mirrors (3rd party storages) and on own website provide only links on that file. In reality this means that if you are on for example some software developers website and want to download from them their product, it will be actually downloaded from other public source not owned by them. In this scenario file owners do not know are you downloaded their original, unmodified file. And to verify downloaded file they as a proof provide on own website md5 hash.

Second, reason is when file downloader wants to know that file was downloaded without some kind of interceptions and on its machine downloaded file is original and unmodified.

So how we can check if downloaded file is original and unmodified?

In different operating systems this process is slightly different, but in overall it is quite easy process.

In Windows machines you need run command promt. This can be done by clicking on windows start button and typing ‘cmd’ as keyword. Then in command promt navigate to that folder where this file is located. In my example this is Downloads folder. And using ‘certutil’ system tool get hash of that file. Exact command is like this: certutil -hashfile testfile.iso MD5 where testfile.iso – is your real filename with extension.

This received value can now be compared with original hash which is provided with file. And if they match then downloaded file was delivered to you unmodified as it should to be. If hashes doesn’t match then please try to download file again.


As conclusion want to tell you that md5 algorythm is quite old and maybe not absolutely perfect and exist many other ways to validate downloaded file, but this type is one of simpliest method for end user that do not need any additional manipulations and knowledge, except be able to run systems command prompt.

Add Comment

Your email address will not be published. Required fields are marked *