Using Md5sum to ensure the protection of software packages


It sounds weird but actually simplest of all other things. sha1, md5sum etc are well known for generating hash values(one-way encryption) to software packages or even individual files. Sometimes, a developer will use the md5sum command to generate a hash of the file. You can use this hash and the md5sum command to ensure that the file has not been altered. Easiest way to do this is to read the hash from the original developer and run md5sum against the package you downloaded. I will explain the method with a simple example.

Suppose I have with me a copy of package named foo.deb and I know the corresponding hash value from the developer itself. Somehow I learnt that foo.deb has a security problem. I wish to install the latest secure version. After downloading it, I will run md5sum against the file

user@GNULinux:~$ md5sum foo.deb
    d41d8cd98f00b204e9800998ecf8427e  foo.deb

However, I notice that the developer’s md5sum value for the same program reads as follows
I should then delete the file and find another source where I can verify the md5sum hash.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s