Archive for 26/01/2016

unnamed

Hello folks,

In this article I will show you how to be a bit more secure (not 100%)* of your downloaded-content by torrent sites.

First of all, what is MD5 and MD5 checksum?

  • The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. [wiki]
  • A checksum or hash sum is a small-size datum from a block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage. It is usually applied to an installation file after it is received from the download server. By themselves checksums are often used to verify data integrity, but should not be relied upon to also verify data authenticity. [wiki]

Every product has its own MD5 that is used to verify the data integrity of the file. The only thing that you have to do is a checksum. Both checksums should be equal for the same algorithm to calculate examples are : sha1, sha256, md5sum. The checksum value before downloading should be posted as part of the (meta) data or details of the file,  needed for verification of integrity purposes.

Checksum application:

  • gnu/Linux (ubuntu based): Υou have to go to the right directory where the downloaded file is and in the terminal you enter:
    ~$ cd "path.to.directory"

    Then put the exact name of the file:

    $ md5sum "name.exe"

After the comparison is done, the ouput should be like this

   8044d756b7f00b695abce8dce07d43e5 "name.exe"

If the hash matches with the provided by the website hash your download is not modified or corrupted.

  • MS Windows: You can use the File Checksum Integrity Verifier (FCIV) utility to compute the MD5 (or SHA-1) cryptographic hash values of a file or you can use one of the many windows checksum applications to make the verification.

Finally, you also have to check the number of the seeders / comments to see in some way the integrity of the torrent. The most “dangerous” file types are .exe, .bat, .msi.
Also keep in mind to have your pdf and java clients up-to-date to minimize the possible vulnerabilities threats.

*Keep in mind that there are also some md5 collisions created by the high number of hashes or by individuals, you have to check every character of the sum because at first sight the hashes may look the same.

Advertisements