security program I run tell me that an MD5 signature wasn’t correct. So, what’s
an MD5 signature?
Well, it’s Message Digest algorithm number 5.
That doesn’t help, does it?
MD5 is one technique that’s frequently used to make sure that a file hasn’t
Become a Patron of Ask Leo! and go ad-free!
An MD5 signature, also called an MD5 path or hash, and more officially a
message digest, is simply a number. It’s a big number (128bits, or 16 bytes, or
a number somewhere between 0 and just over 10 to the 38th), that’s calculated
from the contents of a file. The entire file is read, the bytes combined
numerically via a special algorithm and the result is the MD5 hash.
The algorithm for the calculation of that number is designed to be
relatively quick to compute, and, perhaps more importantly, very unique.
What do I mean by unique? It’s considered almost impossible for two
different files to result in the same number being calculated as the MD5 hash.
This is important because if a file changes for any reason, the MD5 hash that
would be calculated from it would also be different.
Thus, publishing both a file and its original MD5 hash allows you
to download a file, calculate the MD5 hash on the file you just downloaded, and
confirm, or deny, that the file is correct.