2008/8/9 Erling Larsen <[EMAIL PROTECTED]>
> This question is not OOo only, but I often see this checksum when I look
> for open source programs.
> I guess that it is something like I used with my old Commodore 64 when
> writing programs from magazines.
> (for a control that everything is ok)
>
> But would someone here please give me an explanation on how to use it, and
> do I need it with Windows?
>
> I am a Windows user since -95, and even though I have been looking at Ubuntu,
> I know nothing about Linux and Mac
>
> Erling Larsen
>
MD5 is one of many "hash" algorithms used to test the integrity/authenticity
of copied/downloaded files. A program processes the file in question and
does a mathematical calculation on its contents. The result is the "hash"
for that file. It's a more complex version of the "checksum" system used
with bank account numbers. The algorithm used to perform the calculation is
carefully designed so that (a) similar files produce very different results
and (b) it is hard to find a file that produces the same result as a given
file. There have to be files producing the same results ("collisions")
because the "hash" is much much shorter than most files (MD5 produces a
128-bit - 16 byte - result) and there are therefore fewer of them. The
author of a file publishes the hash for his/her file. When you have
downloaded the file you run the hashing program on your copy and compare the
result to the published version. If they match the chances are extremely
high that the file you have is the same as the author's version on the
server from which you downloaded your copy.
Information about using MD5 for OpenOffice.org is at
http://www.openoffice.org/dev_docs/using_md5sums.html
More generic information about MD5 is at, among many other places,
http://en.wikipedia.org/wiki/MD5 You will see from this that MD5 has been
"cracked" and that better methods, notably SHA1 (Secure Hash Algorithm
number 1) are available.
If you encrypt the hash of a file with your private key, the result is a
"digital signature" which can be checked by someone with access to your
public key and to the hashing program. Such schemes form part of what is
known as Public Key Infrastructure (PKI) systems.
Should you use it on Windows? If you are sure you got the file from an
authentic site then no, I don't believe it's worthwhile. On any Operating
System. If you [unknowingly] got the file from a "rogue" site then the
chances are you also got the published MD5 from that same rogue site and
that it will match the rogue file. So, again, not worth the effort. Signed
files are a different kettle of fish provided you can be sure the signer's
public key is authentic. This is easier to prove but PKI systems are fraught
with other difficulties.
--
Harold Fuchs
London, England
Please reply *only* to [email protected]
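
Added example, not part of the original message: a Python sketch of the check described in the reply above, hashing a downloaded file and comparing it with a published "digest  filename" line. The file names and contents are constructed samples, and the helper names are hypothetical; the demo also shows that a one-byte change flips many digest bits and that a digest published alongside an altered file still "verifies" it.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algo="md5", chunk_size=65536):
    """Hash a file in chunks so large downloads do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_checksum_line(line):
    """Parse one 'HEXDIGEST  filename' line (the md5sum-style text format)."""
    digest, _, name = line.strip().partition(" ")
    return digest.lower(), name.lstrip(" *")

def verify(path, published_line, algo="md5"):
    """True if the local file's digest equals the published one."""
    expected, _name = parse_checksum_line(published_line)
    return hmac.compare_digest(file_digest(path, algo), expected)

def differing_bits(hex_a, hex_b):
    """Number of bit positions in which two equal-length digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def demo():
    workdir = tempfile.mkdtemp()
    good = os.path.join(workdir, "installer.bin")      # constructed sample file
    bad = os.path.join(workdir, "installer_bad.bin")   # same data, one byte changed
    data = b"constructed sample installer contents\n" * 1000
    with open(good, "wb") as f:
        f.write(data)
    with open(bad, "wb") as f:
        f.write(data[:-2] + b"X\n")
    published = file_digest(good) + "  installer.bin"  # what the author would post
    # A digest posted on the same site as the altered file matches the altered file.
    rogue_published = file_digest(bad) + "  installer.bin"
    return {
        "good_ok": verify(good, published),
        "bad_ok": verify(bad, published),
        "rogue_pair_ok": verify(bad, rogue_published),
        "bits_changed": differing_bits(file_digest(good), file_digest(bad)),
    }

if __name__ == "__main__":
    print(demo())
```

Passing `algo="sha1"` or `algo="sha256"` to `file_digest` and `verify` checks digests published with those algorithms instead.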