PC-Tools.Net - Quality Coding

win32: MD5sums

MD5sums 1.2 - Generate MD5 hashes of files (with progress indicator)

License: Freeware

Author: Jem Berkes

WARNING: This software is obsolete, and was last tested under Windows XP in 2005. You should not run this software on modern Windows computers. The software is posted here for historical / research purposes.

Download: md5sums-1.2.zip [28 K]
This is a win32 console application. There is no GUI, but you can use Explorer to drag files over md5sums.exe to obtain their md5 hashes.
PGP/GPG signature: md5sums-1.2.zip.asc [use author's key, above]

MD5sums calculates the MD5 message digest for one or more files (includes a percent done display for large files). By comparing the MD5 digest of a file to a value supplied by the original sender, you can make sure that files you download are free from damage and tampering. MD5 values are frequently supplied along with downloadable files. (Optimized implementation).

Changes in version 1.2

Features

MD5sums has user-friendly output, including a percent done indicator when processing large files. With its various command line switches you can customize MD5sums for use in scripts.

The UNIX compatibility switch (-u) makes the output look like that from the Linux/BSD/UNIX md5 or md5sum commands.

Besides the normal command line usage (see md5sums.txt), MD5sums can also be easily added to the windows shell. Use Windows Explorer to access your user profile directory (one level up from the "Start Menu" directory). Locate the "SendTo" folder and create a shortcut inside it to "md5sums -p" (pause before returning).

If you have trouble locating your user profile directory, try this at the command prompt: echo %userprofile%

After adding MD5sums to the SendTo folder, you can select one or more files on the desktop (or in any other folder), and right-click to "Send To" md5sums. Each selected file will be processed.

ABOUT THE MD5 PROCESS

[Paraphrased and, in parts, quoted from RFC 1321]

The MD5 Message Digest Algorithm takes an input (in this case, a file) and produces a 128-bit (or 16 byte) output, which can be represented as a string of 32 hexadecimal values. This output is a 'fingerprint' or 'message digest' for the file.

You will often find an MD5 value supplied along with files you download off of the internet. By comparing the supplied MD5 value to the actual value computed by the MD5sums utility, you can make sure that the file has not been tampered with or modified.

"It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest."

In the context of this MD5sums utility, what this means is: if you have a file and know what the MD5 value should be, and this value matches the actual MD5 value obtained by using the MD5sums utility, then the file is very likely the original file.

This is a good way to both verify that the file has not been damaged during electronic transfers, and also to verify that the file you are getting has not been tampered with.

For example, the MD5 value of md5sums.exe is: da1e100dc9e7bebb810985e37875de38

Note that recent research has shown that MD5 computations are not as immune to collisions as thought earlier. While MD5 hashes are still excellent for file comparisons, for cryptographic strength it is recommended that one uses a stronger hash such as SHA-2.