Hello folks,
In this article, I will show you how to verify the security of downloaded content from torrent sites.
First of all, what is MD5 and MD5 checksum?
- The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. [wiki]
- A checksum or hash sum is a small-size datum from a block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage. It is usually applied to an installation file after it is received from the download server. By themselves checksums are often used to verify data integrity, but should not be relied upon to also verify data authenticity. [wiki]
Every product has its own MD5 that is used to verify the data integrity of the file. The only thing that you have to do is a checksum. Both checksums should be equal for the same algorithm to calculate.
Examples are: sha1, sha256, and md5sum. The checksum value before downloading should be posted as part of the meta data or details of the file, as needed for verification of integrity purposes.
Checksum application:
- gnu/Linux (Debian-based): Υou have to go to the right directory where the downloaded file is and in the terminal you enter:
~$ cd "path.to.directory"
Then put the exact name of the file:
$ md5sum "name.exe"
After the comparison is done, the output should be like this:
8044d756b7f00b695abce8dce07d43e5 "name.exe"
If the hash matches the one provided by the website, your download is not modified or corrupted.
- MS Windows: You can use the File Checksum Integrity Verifier (FCIV) utility to compute the MD5 (or SHA-1) cryptographic hash values of a file, or you can use one of the many Windows checksum applications to make the verification.
Finally, you also have to check the number of seeders / comments to see, in some way, the integrity of the torrent. The most “dangerous” file types are.exe,.bat, and.msi.
Also, please keep in mind to keep your PDF and Java clients up-to-date to minimize possible vulnerabilities and threats.
*Consider that there are also some MD5 collisions created by the high number of hashes or by individuals; you have to check every character of the sum because, at first sight, the hashes may look the same.