Sometimes you may need to verify the integrity of a download file(s). The provider may have generated what is called an MD5 Hash for the file which will allow you to verify the file.
What is an MD5 Hash? It’s like a fingerprint record created by the source. A serial number if you will that is unique to every single file from any source. By taking the fingerprint of a file, people have the option to later compare the fingerprint of a suspect file to see if it’s a match for the original.
A zipped file may have an MD5 hash of say:
2c535bd29d2979d29e7014300a2d8084 but the webpage that hosts the file says that it should read
Alarm bells! Because there isn’t a match between the two numbers, we should not trust the file as it may have been tampered with which would cause it to have a different fingerprint.
You can both create and read an MD5 hash using this webtool.
- Download the file you want to check and open the download folder in Finder.
- Open the Terminal, from the Applications / Utilities folder.
md5followed by a space. Do not press Enter yet.
- Drag the downloaded file from the Finder window into the Terminal window.
- Press Enter and wait a few moments.
- The MD5 hash of the file is displayed in the Terminal.
- Open the checksum file provided on the Web page where you downloaded your file from. The file usually has a
.cksumextension. NOTE: The file should contain the MD5 sum of the download file. For example:
- Compare the MD5 hash in the checksum file to the one displayed in the Terminal. If they are exactly the same, your file was downloaded successfully and is legitimate.
- Download the latest version of WinMD5Free.
- Extract the downloaded zip and launch the WinMD5.exe file.
- Click on the Browse button, navigate to the file that you want to check and select it.
- Just as you select the file, the tool will show you its MD5 checksum.
- Copy and paste the original MD5 value provided by the developer or the download page.
- Click on Verify button.