You see this possibility for a lot of software downloads but if you’re like me you hardly ever end up doing it: verifying an installation file’s MD5 or SHA-something hash.
For Open Source software this is however recommended if you aren’t downloaded from the official mirror (and even then) and certainly if it’s anything related to security (like Keepass for example).
But to verify that MD5 hash you probably need to install yet another piece of software you’re hardly going to need, so you end up not bothering at all.
Hold on a second.
If you have a recent Windows system with PowerShell installed, you probably have all you need to verify that MD5 hash.
Try this in the PowerShell command prompt:
Get-FileHash .\KeePass-2.30-Setup.exe -Algorithm md5
It should print out something like this:
Algorithm Hash --------- ---- MD5 CD430EB0F108BB192D2155C68EB7BB48
Which happens to be exactly the MD5 hash code listed on the site for that version of the Keepass installer. Yay!
Without that -Algorithm parameter it prints out the SHA-256 hash by default, but that’s longer and harder to compare visually even though it’s more precise. You can also specify other types of hashes like SHA1, SHA512, MACTripleDES and RIPEMD160.
That was easy and required no additional software.
Pretty damn sweet.
Photo by Julien Dumont, cc-licensed.