
I keep seeing references to "MD5" signatures, and even had a security program I run tell me that an MD5 signature wasn't correct. So, what's an MD5 signature?

Well, it's Message Digest algorithm number 5.

That doesn't help, does it?

MD5 is one technique that's frequently used to make sure that a file hasn't been altered.

An MD5 signature, also called an MD5 path or hash, and more officially a message digest, is simply a number. It's a big number (128 bits, or 16 bytes, or a number somewhere between 0 and just over 10 to the 38th) that's calculated from the contents of a file. The entire file is read, the bytes are combined numerically via a special algorithm, and the result is the MD5 hash.

The algorithm for calculating that number is designed to be relatively quick to compute and, perhaps more importantly, to give a unique result.

What do I mean by unique? It's considered almost impossible for two different files to result in the same number being calculated as the MD5 hash. This is important because if a file changes for any reason, the MD5 hash that would be calculated from it would also be different.

Thus, publishing both a file and its original MD5 hash allows you to download a file, calculate the MD5 hash on the file you just downloaded, and confirm, or deny, that the file is correct.
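The download check described above, as an added example (not code from the original article): it reads the whole file, computes the hash, and compares it with the published value, accepting either a bare hash or an `md5sum`-style `hash  filename` line. The function names, the `setup.exe` file name and the sample contents are constructed for illustration. The `algorithm` parameter goes beyond the article so the same check works with a published SHA-256 hash, which is preferable where deliberate tampering is the concern, because MD5 collisions can be produced on purpose.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm="md5", chunk_size=65536):
    """Read the entire file in chunks and return its hash as lowercase hex."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_published(text, algorithm="md5"):
    """Accept a bare hex hash or an md5sum-style 'hash  filename' line."""
    parts = text.strip().split()
    if not parts:
        raise ValueError("no published hash given")
    candidate = parts[0].lower()
    expected_len = hashlib.new(algorithm).digest_size * 2  # 32 hex chars for MD5
    if len(candidate) != expected_len or any(c not in "0123456789abcdef" for c in candidate):
        raise ValueError(f"not a {algorithm} hash: {candidate!r}")
    return candidate

def verify_download(path, published, algorithm="md5"):
    """Return True if the file's hash equals the published one."""
    expected = parse_published(published, algorithm)
    return hmac.compare_digest(file_digest(path, algorithm), expected)

def demo():
    """Constructed sample: a 'download' that is then altered by one byte."""
    data = b"constructed sample installer contents\n" * 1000
    published = hashlib.md5(data).hexdigest().upper() + "  setup.exe"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "setup.exe")
        with open(path, "wb") as f:
            f.write(data)
        intact = verify_download(path, published)
        with open(path, "r+b") as f:  # overwrite a single byte in place
            f.seek(500)
            f.write(b"X")
        altered = verify_download(path, published)
    return intact, altered

if __name__ == "__main__":
    print(demo())
```

A mismatch only tells you the file differs from what the hash was computed over; the published hash itself has to come from a source you trust.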

Article C2307 - March 16, 2005

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


Recent Comments
1 Comment

Thank you for the detailed explanation.
I recommend adding some references to software calculating the MD5 signature.

Posted by: Baruch Lvovsky at June 20, 2006 6:20 AM