Mah Jong
Site Map

MD5 Message Digest Program

MD5 is used here as a security program, you do not need it in order to use any of the files that you can download here.

At long last, people are becoming more aware of the security threats on the Internet. I have taken the time to provide some simple security features that should allow you more peace of mind when downloading things from this site.

To download the MD5.EXE program that is on my site, click here. (17,845 Bytes) (no MD5 hash of this as the process would become circuitous).

If you want to get one from somewhere else,

. . . or another search engine.

I take the trouble to keep my computer free from viruses and I know that whilst these web pages and the content that they refer to are on my machine, they are problem free. I would like you to know that the files that you download from my websites are the same as the ones that I uploaded.

For there to be any modification to anything that you may wish to download, before it gets to your machine, there has to be a breach of security. There are several places for this to happen:

  1. On my machine;
  2. On the way to my ISP;
  3. On my ISP's server,
  4. On the way from my ISP's server to your machine; or,
  5. On your machine.

With regard to point 1, my machine is in one place on this planet and is only accessible from the Internet when I am online. To protect against attack whilst I am online, I use a firewall. Points 2 and 4 occur only for a short period of time therefore there is not a great deal of opportunity for an attack whilst these points happen. Point 5 is really up to you. This leaves Point 3 as the main opportunity for attack.

No matter how good the protection is on a server, people can still break in and therefore, I have added a few features to the pages on this site that lead to a download. There are:

  • The file name;
  • the file's size; and,
  • a Message Digest number (or Message Digest Hash).

These are intended as security devices, depending upon the level of security you really want. A typical example is . . . The file name tells you the name of the file that you are about to download
File size 362,259 Bytes The file size tells you exatly the size (in bytes) that you will download
MD5 hash = 2c4ffdf59938e8d13dc0e0f3e33a0f05 The hash gives you a value that relates to the content of the file you are about to download.
  • If you are not too bothered about security then just downloading the file and seeing that the filename is the same may be enough to meet your requirements.
MD5 takes the content of a file and forms a number from it in such a way that:
  • it is not possible to tell the contents of the original file just by looking at the hash value and;
  • it is not reasonably practicable to generate a file that will give a particular hash.
  • Checking that the file size that you have downloaded once the transfer process has finished is the same as the file size will ensure that anyone who wants to tamper with files on a server must at least take the trouble to get the file length the same.
  • Checking the MD5 hash will ensure that the hash on the web page is the same as the MD5 hash of the file that you download. (see box on right)

However, this is not entirely secure as:

  1. Anyone who breaks into a website can get an MD5 program and put the new MD5 hash on the web page along with their malicious file or,
  2. They can write a program, call it MD5.EXE and put it up on the server so that it gives the hash that they want.

In response to this:

  1. The more important files that can be downloaded from these pages are actually stored on another server so anyone who wants to change the file and the hash will have to break into two servers; and,
  2. The MD5 program is available in many places on the web so endulging in item 2 will do no good (go to a search engine and type in "MD5", somewhere there will be one to download).

These points also address the problems of intercepting and substituting traffic on the way to and from servers (points 2 and 4) as all traffic would have to be interecepted and changed in a consistent manner.

To use the MD5 program in MS Windows 95 or later, open two copys of Windows Explorer and make sure that in one of them, there is the copy of MD5 and in the other, the program you wish to generate the hash from. Drag the file over the MD5.EXE program and drop it (on it, otherwise you may just move the file to the same directory as the MD5.EXE program). The program will run and if you have the DOS box set so that it will stay open after it has run, you will be able to see the hash. Compare this to the one on the web page and if it is the same, you know that the file you have is the same as the one that I uploaded (or at least that it is extremely unlikely that it is not). If the hash is different, it could be caused by a number of innocent reasons such as an error in the file transfer. If this happens, make a note of the hash you got and try downloading the file again. If you get the same hash, let me know about it immediately by sending e-mail to paul-grosse at ntlworld dot com , telling me the name of the file you were downloading, the hash value you got and the page you got the different hash value from. Occasionally, I update files and you may be that one in a million download that picked up a hash and a file that didn't match.

For those of you who want a file sent as an e-mail attachment, I can do that. If you really want to be secure, I can provide you with a PGP signed copy of the MD5 hash if you want it or even encrypt it or the whole file for you. My PGP key link is in the menu at the top left of this page.

There are many places on this site that lead to this page so either click the mouse on the back button to get you back to where you came or click on the appropriate link below.

FastCounter by LinkExchange
Site map
Back to the Index Copyright 1998 - 2003 P.A.Grosse.
All Rights Reserved
TrueType Fonts What do you thing about UFOs?