md5sums, or sha1sum or whatever are a special type of checksum. In the past, a simple addition of all the byte values in any given file would give a simple total, and typically is/was used to distinguish EPROM contents/versions from one another. However, a simple checksum is not very robust, one bit dropped here and another added there can provide an identical checksum while two files are actually very different. So, cleverer checksum methods have since been devised where a single bit change in file in question can produce a radically different result, and thus it is much harder to produce two different files with the same MD5 checksum, for example, and maybe even impossible in many cases. If, by some miracle, one produced two files with an identical MD5 sum, it's almost beyond imagining that the SHA1 sums (a different algorithm) would be the same too. The upshot is that a file provided with a checksum is hard to tamper with undetected, unless the checksum is also adjusted, of course. MD5 etc are known as hash algorithms.
md5sum etc are standard utilities on most unix/linux systems. I cannot speak for Windoze, but I kinda doubt MS can be bothered, but there are probably 3rd party versions available - if you can trust those! Examples (which might not mean much if you don't understand a unix command line)... bash# echo "Richard Erlacher" | md5sum 5d7a3bc8d9bbe8cbfdf2f53fe42f50f9 - The above 5d7a... number is the MD5 sum hash of "Richard Erlacher". Now make a tiny change... bash# echo "Richard erlacher" | md5sum f3c78f69a11aa4dd432ac3fe35eb976b - Notice that the tiniest change to the string makes a massive difference in the MD5 sum. The upshot of this is that an MD5 sum of a file is a great way of verifying if it has downloaded correctly - if the published MD5 doesn't match what you have downloaded, then there's a problem somewhere, because the files are different. A simple checksum might very well not detect defects or indeed deliberate alterations. I hope that helps! Let me know if I can explain further. On Wednesday 27 August 2008 18:07:37 Richard Erlacher wrote: > ----- Original Message ----- > From: "Frieder Ferlemann" <[EMAIL PROTECTED]> > To: <sdcc-user@lists.sourceforge.net> > Sent: Thursday, August 21, 2008 10:18 AM > Subject: Re: [Sdcc-user] Virus in SDCC-2.8.0-setup.exe > > > Hi > > > > Richard Erlacher schrieb: > >> I don't know how this happened, but my CA virus scanner turned up a > >> virus (Win32FakeAV.CX) in SDCC-2.8.0-setup.exe. Forewarned is > >> forearmed. > > > > Checksums of sdcc-2.8.0-setup.exe as downloaded today from > > http://sourceforge.net/project/showfiles.php?group_id=599&package_id=2892 > >1&release_id=587999 are: > > > > md5sum sdcc-2.8.0-setup.exe > > bff1f75352a4897ee142a26a728c5e92 sdcc-2.8.0-setup.exe > > What's a md5sum? > > > sha1sum sdcc-2.8.0-setup.exe > > f804e0d149b96219ca39084024b9f0e8c3fa0e41 sdcc-2.8.0-setup.exe > > > > sha256sum sdcc-2.8.0-setup.exe > > fbb6ec3339d0b95759dcf57883fb912a2779dd198076760b9d52efc1b9e3ba62 > > sdcc-2.8.0-setup.exe > > What's a sha256sum? > > > Does that match the file you downloaded? > > How would I check it? Am I supposed to have those utilities? > > regards, > > Richard Erlacher > <snip> -- Richard. PGP Key-id: 0x5AB3D350 An authority is a person who can tell you more about something than you really care to know. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Sdcc-user mailing list Sdcc-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sdcc-user
