A question about MD5 and SHA-1 checking

Hi, not sure if this can get an answer or not. I have been reading some info on checking the authenticity of a down loaded file using a MD5 and SHA checksum utility. I downloaded a program from "Raymonds worldpress" and have run the utility against a windows server 2012 ISO file that i downloaded from Microsoft. It runs and gives me the results but here's the thing... How do i know that the results are as they should be? Should i be looking for the original hash results from in this case Microsoft.
I hope that this makes some sense and any help is much appreciated.
Cheers
Jason
LVL 1
Jason ThomasAsked:
Who is Participating?
 
Andrew Hancock (VMware vExpert / EE MVE^2)Connect With a Mentor VMware and Virtualization ConsultantCommented:
Yes, if Microsoft published, but they do not!

Download products from VMware and check them, they publish MD5 checksums!

Part 3: HOW TO: Create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 5.1 (ESXi 5.1)

Part 4: HOW TO: Upload an ISO CD-ROM/DVD-ROM image to a VMware datastore for use with VMware vSphere Hypervisor 5.1 (ESXi 5.1) using the vSphere Client, and checking its MD5 checksum signature is correct.

Most now use Download Managers (VMware and Microsoft) that does checking as large files are downloaded.

If no checksum is published at source, difficult to check!
0
 
JohnConnect With a Mentor Business Consultant (Owner)Commented:
I use DigestIt 2004. Despite the date, it works on everything up to and including my Windows 8.1 Pro 64-bit machine.

When I download the ISO, I get the MD5 Checksum, save it in Notepad temporarily, run DigestIt, input the MD5 Checksum and let it run.

If it verifies (always does from VMware), then the download is good.
0
 
gheistConnect With a Mentor Commented:
Apparently microsoft leaves them room to fingerprint download files and publishing checksums would be against that.
Sure you can download twice and compare checksums and come aout with idea that since they are same files are downloaded ok.
0
 
Jason ThomasAuthor Commented:
Thanks chaps.
0
 
artisancomputer_msmCommented:
I use FCIV, free utility from Microsoft.  Then I google the result.  If someone else out there on the Internet has posted the same exact hash for the ISO then that's good enough for me.  It would be nice if Microsoft would provide the SHA hashes and MD5sums with the download.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.