Differences between revisions 13 and 14
Revision 13 as of 2021-03-27 19:44:08
Size: 1117
Editor: donfede
Comment: update windows commands to calculate MD5 (and more); rm stale link to window md5 util
Revision 14 as of 2021-03-27 20:00:31
Size: 1526
Editor: donfede
Comment: add warning per security issues with MD5 (collab w/ bauen1 on #debian-www)
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:


=== MD5 Security Warning ===

The security of the MD5 hash algorithm has been severely compromised since at least 2007. <<BR>>
https://en.wikipedia.org/wiki/MD5#Security <<BR>>
https://infosec.mozilla.org/guidelines/key_management.html#old---do-not-use

A more current algorithm should be used instead, such as [[https://wiki.debian.org/Sha256sumsInPackages | SHA256]].



=== MD5 Overview ===

Translation(s): English - Français - Italiano

(!) ?Discussion


MD5 Security Warning

The security of the MD5 hash algorithm has been severely compromised since at least 2007.
https://en.wikipedia.org/wiki/MD5#Security
https://infosec.mozilla.org/guidelines/key_management.html#old---do-not-use

A more current algorithm should be used instead, such as SHA256.

MD5 Overview

MD5 Sums are 32 byte character strings that are the result of running the md5sum program against a particular file. Since it is very hard to find two different files that results in same strings, MD5's can be used to determine that the file or iso you downloaded is a bit-for-bit copy of the remote file or iso.

Verify md5sum using linux:

  • md5sum -c linux.iso.md5

Create an md5sum using linux:

  • md5sum linux.iso > linux.iso.md5

Windows users that need to check the md5sum (e.g. of a Debian ISO file) can use certutil https://superuser.com/a/898377.

  • certutil -hashfile fooinputfile MD5
    certutil -hashfile fooinputfile SHA256

See also:


CategoryObsolete