gurnec / HashCheck

HashCheck Shell Extension for Windows with added SHA2, SHA3, and multithreading; originally from code.kliu.org

Please keep MD5 checked by default #23

Open mooms06 opened 7 years ago

mooms06 commented 7 years ago

Hi, first, thank you for keeping HashCheck alive!

I'm the original author of the French translation.

I have a suggestion: keep MD5 among the default checksums. It's still widely used for file verification, so there is no reason to remove it from the default install.

Thank you.

cnleo commented 7 years ago

+1

ghost commented 7 years ago

MD5 is too easily circumvented. You can easily forge a tampered copy of a file such that its MD5 hash is identical to that of the original.

modelrockettier commented 7 years ago

Whether MD5 is a useful algorithm these days all depends on what you're trying to accomplish.

If you are only concerned with file corruption and don't care about deliberately forged files (i.e. an attacker), then MD5 is fine (although the SHA family of hashes are still better if you have a choice).

LocutusX commented 6 years ago

But still, I think the point is that for file verification of downloads, many providers only provide MD5 signatures.

For example, a very popular Android phone right now is the "OnePlus" brand. All ROM downloads from their official site (both Production release and Beta builds) are given with MD5 signatures only.

That's why I agree with the original issue creator that MD5 should be left enabled as a standard default.

jimscard commented 6 years ago

MD5 is not valid for file verification, so it should not be enabled. Vendors who only supply MD5 signatures should be reminded that both MD5 and SHA1 have demonstrated collision attacks and cannot be relied upon.


Ve2mrx commented 6 years ago

+1 for MD5 enabled by default!

True: MD5 is no longer acceptable as a cryptographic hash due to collisions. It is the same for any other hashes given time.

However, in order to verify if a file has been damaged, MD5 is good enough!

The goal is not to authenticate the file, only to check for damage. Authentication needs to be done by other means like signing.

jimscard commented 6 years ago

Good enough? Hardly.

If the MD5 check fails, there is likely something wrong, and you reject the file.

If the MD5 check succeeds, you know absolutely nothing about the state of the file. It might be OK, it might be intentionally damaged (corrupted) - there's no way to know, and given that collision attacks can be done in seconds, you can't assume anything.

On the other hand, a SHA-256 hash will tell you if the file has been damaged, as there are no known collision attacks.

The only thing that signing would add is source verification - who generated the hash used to verify the file.

Jim


cfbao commented 6 years ago

> If the MD5 check succeeds, you know absolutely nothing about the state of the file.

"absolutely nothing" - This is the kind of hyperbole that discourages sincere discussion.

In many practical cases, SHA-256 is only marginally better than MD5, if at all. If an attacker can change the file, they can probably also change the hash listed on the same website. Very often the hashes are NOT supposed to be a security check in the first place, rather just a file corruption check. Security issues can be addressed via other means, e.g. serving the files over HTTPS.

> The only thing that signing would add is source verification

What's "only" about this? Isn't that the point?

And checking integrity of downloaded files isn't the only use case for HashCheck Shell. There are many other use cases where security is not the concern, or is addressed by other measures, and MD5 can totally be a reasonable choice. Google Drive uses MD5 to index files, for example. Sometimes I'll want to know the MD5 of my local file to help quickly locate the cloud counterpart.

PhoenixIV commented 4 years ago

I installed this extension BECAUSE I was looking for MD5. At least I found the "Options" menu after this thread suggested there are options. I enjoy the hint that MD5 is not safe for file verification. That's fun as MD5 is all I always see with file downloads. So I follow the logic of it hinting on file CORRUPTION (by accident, not malicious attack). Can someone explain how CRC-32, which creates a much shorter and - as I see it - even more collision-friendly hash is still enabled by default if it is used for the same reason? Thank you for providing this program and @mooms06 for guiding me to find the options menu.
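The corruption-versus-forgery distinction argued over in this thread, as an added Python example that is not part of any comment above and is not HashCheck's code: it picks the algorithm from the length of a published digest, compares, and reports what a match can be taken to cover. The function names, the coverage labels and the sample bytes are assumptions made for the illustration.

```python
import hashlib
import zlib

# Assumption for this example, following the thread: a match from CRC-32, MD5
# or SHA-1 only rules out accidental damage; SHA-256 has no known collisions.
# Keyed by hex digest length. Names and labels are illustrative, not HashCheck's.
ALGORITHMS = {
    8: ("crc32", "accidental corruption"),
    32: ("md5", "accidental corruption"),
    40: ("sha1", "accidental corruption"),
    64: ("sha256", "accidental corruption and deliberate collisions"),
}


def digest(chunks, name):
    """Hash an iterable of byte chunks; return lowercase hex."""
    if name == "crc32":
        crc = 0
        for chunk in chunks:
            crc = zlib.crc32(chunk, crc)
        return f"{crc:08x}"
    h = hashlib.new(name)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def verify(chunks, published_hex):
    """Choose the algorithm from the digest length and report what a match covers."""
    published = published_hex.strip().lower()
    if len(published) not in ALGORITHMS:
        raise ValueError("unrecognised digest length")
    name, covers = ALGORITHMS[len(published)]
    match = digest(chunks, name) == published
    return {"algorithm": name, "match": match, "covers": covers if match else None}


# Constructed sample data: a "download" and a copy with one bit flipped in transit.
ORIGINAL = [b"constructed sample ", b"ROM image contents"]
DAMAGED = [ORIGINAL[0], bytes([ORIGINAL[1][0] ^ 0x01]) + ORIGINAL[1][1:]]

if __name__ == "__main__":
    for name in ("crc32", "md5", "sha256"):
        published = digest(ORIGINAL, name)
        print(name, verify(ORIGINAL, published), verify(DAMAGED, published))
```

All three algorithms reject the bit-flipped copy; only the label on a successful match differs. None of this says anything about where the published digest came from, which is the separate question of signing or transport raised in the comments.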