When you download a file from the internet, quite often you cannot be 100% guaranteed that the file has not been changed in some way from the original. This could either be by the site you are downloading from, corruption due to errors in the download process, an individual who has uploaded the file for you, or possibly the most dangerous, the file has been infected by malicious software.
One of the ways you can identify whether a file has been changed from its original state is to check its digital signature if it has one. Or you can check the file integrity by looking at the hash value. Put simply, every file has unique data contained in it, and when you apply a certain algorithm called a “cryptographic hash function” to it, a string value is returned which is only valid for that file in the current state. If any piece of data in the file is changed, even 1 byte, and you apply the algorithm again, the value given this time will be different to the first value. And with that information you can see if the file is not the same before trying to use it. A couple of the popular hash algorithms are MD5 and SHA1 and you will sometimes see these hash values listed on websites when you go to a software download page. One of the prime examples is ISO images for operating systems like Linux and Windows. All the official Windows 7 ISO images from Microsoft have the SHA1 hash listed on their website which you can then compare against to see if the one you downloaded, from Microsoft or elsewhere, is exactly the same. A major problem when you get ISO images from places like bittorrent or usenet is they often say “untouched”, until you download them…
So if you have something like an MD5 or SHA1 hash value from a website and want to check the integrity of the file you have downloaded, what do you do? Sadly, there is nothing available in Windows to help you out. What is needed is a utility to calculate a hash value using the same algorithm. Simply have a look at the tools below and use one of them to see if the hash value you have matches.
1. IgorWare Hasher
This is a small and portable freeware tool that is able to calculate SHA1, MD5 and CRC32 values from any file you either Browse for, or drag and drop onto the window. IgorWare Hasher can either copy or save the result to a .sha, .md5 or .sfv file for later verification. These can then be used to check the file at a later date, useful if a file is going on a USB stick or coming back from a less than fully trusted source.
You can also generate a hash value for a block of text as well as adding a right click context menu option, automatically checking the file on drag and drop and choosing between upper or lower case values. IgorWare Hasher has separate 32bit and 64bit versions available and works with Windows XP, Vista, Windows 7 and 8. Do note the download is a rar file.
2. Hash Generator
Hash Generator is by Security Xploded, a creator of many useful security related utilities. As with a lot of their programs, Hash Generator has both a portable version and installer in the same zip file so you have the choice. Although, all you get in the installer is a context menu entry and the option of installing a third party toolbar.
Hash Generator is able to calculate the file’s hash data by either the Browse button or drag and drop, then pressing Generate Hash. A total of 14 different hash types can be identified including CRC32, the MD5 family, the SHA family, Alder32, RipEmd160, Haval256-4 and Whirlpool. Creating a value for a block of text is also supported, as is exporting the data to an html, txt or xml file. Hash Generator is freeware and works on Windows XP, 2003, Vista, 7.
HashMyFiles is another small and portable tool from Nirsoft that is very useful at what it does. This one is perhaps more oriented towards batch hash file checking because you can add single or multiple files, folders and sub folders, running processes, and also adding by wildcard. This program can display hashes for CRC32, MD5 and the SHA family (SHA1, SHA256, SHA384 and SHA512) and also other information like created and modified times, size, version information and attributes.
HashMyFiles is also able to put an entry into the context menu for right click integrity checks and also export the data to a text, html, xml or csv file. A number of command line options are also available. As with all Nirsoft tools, this is freeware and works on Windows 2000, XP, 2003, Vista and Windows 7.
4. MD5 & SHA-1 Checksum Utility
Even though this utility by comparison has nowhere near the features of some of the other tools listed here, I actually quite like it because it’s very easy and simple to use. Simply click the button and browse for the file, or drag and drop, then the MD5 and SHA1 hash values will automatically appear. If you want to verify the generated hash with a previous one, just paste it into the box and click Verify.
The program could do with a progress meter for large files, but if you want a simple tool which just gives you the hash value with no frills, the MD5 & SHA-1 Checksum Utility is certainly worth a look. It’s freeware, portable and works with Windows XP, Vista and 7.
ComputeHash is a simple tool like the MD5 & SHA-1 Checksum Utility above but needs installing and is only accessed by right clicking on a file and clicking on “Compute Hash“. Again, it’s not loaded with functions, but gives you MD5, SHA1, SHA256, SHA384 and SHA512 values. Each can be individually copied to the clipboard, or all values can be exported to a text file.
The program requires .Net Framework 2 or above, is freeware and compatible with Windows XP, Vista and Windows 7 32bit and 64bit.
HashTab is another tool that needs to be installed and you get CRC32, MD5 and SHA1 hash values by default. Another 10 or so can be added including the MD5 family, the SHA family and the RipEmd family amongst others. HashTab is a bit more hidden away than the other tools, because you get to it by right clicking on the file, selecting Properties, and then clicking the File Hashes tab.
The settings choosing the hash values to be displayed are accessed through the settings button, and you can compare an already calculated value in a text file by using the Hash Comparison box. HashTab is free for personal use and works with Windows 2000, XP, Vista and 7.
There is an alternative tool that is very similar to HashTab called HashCheck, although this tool is very small and light being only an 85K install. It will display a Checksums tab in the Properties window and is able to show CRC32, MD4, MD5 and SHA-1 checksums.
This utility has a number of options such as; opening files, folders (including sub folders), paths, processes and XML/MD5/SFV lists. It can also create a hash value for text strings. CRC32, MD5, RipEmd and the SHA family of hash algorithms are supported.
File association, drag and drop and the right click context menu option is also there, but this tool has something the other tools listed here don’t have. And that is you can upload to, and query files on Virustotal. You need an API key but this can be attained for free by signing up for an account at virustotal.com. Uploading and checking can then be done from within MultiHasher.
MultiHasher is freeware and has a portable version, both 32bit and 64bit versions are in the zip file. An installer is also available if you want to integrate with the context menu. Windows XP SP2+, Vista, Server 2008, and Windows 7 32bit and 64bit are supported.
There are quite a few features available in ExactFile, not least the ability to perform multi-threaded checksum calculations, which should help speed things up on modern systems. It also handles Unicode filenames without problems and supports a large number of hashes; Adler32, CRC32, GOST, MD2/4/5, and the SHA, RIPEMD and also TIGER families.
You can also create lists of file checksums from directories (including sub directories), and use what the program calls Digests to setup a before and after list of hashes to check that the files have copied to another drive or optical media successfully. A built-in benchmark function will tell you how quickly checksums can be calculated for predefined file sizes. ExactFile works on Windows 2000 and above.
Hasher is a nice and simple tool to get CRC32, MD5, SHA-1 and ELF checksums by either clicking the Add File button or dropping files and folders onto the program window. You only get a single hash value displayed at any one time (switchable from the drop down menu), but multiple values can be written to the log file at once if the tick box is enabled.
Two different file checksums can be compared by copying the second hash value into the clipboard, or enabling the “Compare the next file” option. There are portable and installer versions of Hasher available, it works on Windows 98 and above.
Although not a dedicated hash calculator, I thought the excellent HaoZip is worth a mention because archiving is something nearly everybody needs. HaoZip has an MD5 checksum tool included within the package (HaoZipMd5.exe).
The checksum tool can display file version, modified date, and MD5, SHA1 and CRC32 hash values. Simply open the tool through the HaoZip Start menu entry or via its Context menu. You can also copy the data to the clipboard or save to a text file. If you want a free archiver and MD5 tool in one, HaoZip should be the first program you look at.
HaoZip is freeware and works on Windows 2000, XP, 2003, Vista and 7 32bit and 64bit.
There are hundreds of these tools about, and you might already have your favorite. Of course, feel free to tell us about the hash program you like best. If you want to try the reverse and actually have a go at finding the file from a hash value, you might like to look at this article.