Author Topic: Looking for MD5 Value for avast! Home Edition (Free)  (Read 4964 times)

0 Members and 1 Guest are viewing this topic.

victor43

  • Guest
Looking for MD5 Value for avast! Home Edition (Free)
« on: December 10, 2009, 06:52:20 PM »
Can anyone provide the MD5 value for the above download ? I only wish to ensure my download has not been corrupted.

Thanks in advance

Victor

micky77

  • Guest
Re: Looking for MD5 Value for avast! Home Edition (Free)
« Reply #1 on: December 10, 2009, 09:05:07 PM »
d4d9b0665f19de9d41fd16f33cb065bd

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Looking for MD5 Value for avast! Home Edition (Free)
« Reply #2 on: December 10, 2009, 09:10:48 PM »
The installers are digitally signed - so just invoke Properties of that file, switch to "Digital Signatures" page, select the signature and click Details - it will be verified.
If the page Digital Signatures wasn't there, then the file would indeed be corrupted.

Hermite15

  • Guest
Re: Looking for MD5 Value for avast! Home Edition (Free)
« Reply #3 on: December 10, 2009, 10:53:57 PM »
The installers are digitally signed - so just invoke Properties of that file, switch to "Digital Signatures" page, select the signature and click Details - it will be verified.
If the page Digital Signatures wasn't there, then the file would indeed be corrupted.

yeah OK but some would prefer an MD5 displayed on the web site first, just in case the sig would be tampered on its way to the PC, which can hardly happen I admit .... well it's got to happen sometimes somehow otherwise software providers wouldn't bother giving an MD5 online...

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Looking for MD5 Value for avast! Home Edition (Free)
« Reply #4 on: December 10, 2009, 11:03:00 PM »
You can't tamper with the digital signature - that's why it's a signature (or, it's about as likely as that somebody would create a tampered package with the same MD5 as the original - and probably even less likely than somebody hacking the server, replacing the package - and updating the displayed hash as well).

zerospam

  • Guest
Re: Looking for MD5 Value for avast! Home Edition (Free)
« Reply #5 on: December 11, 2009, 05:04:14 AM »
It probably won't be long before someone leverages the research into MD5 collisions to create a hacked package that has the same MD5 hash as the official package. It's already possible to create a pair of non-identical files having the same MD5 hash. http://www.mscs.dal.ca/~selinger/md5collision/ ; http://www.win.tue.nl/hashclash/SoftIntCodeSign/ . In these attacks, both files must contain significant specially-crafted common data, which makes it nontrivial for an attacker to create a hacked package bearing the same signature as the official one. But I suspect it won't be long before someone succeeds at this.

BTW, Authenticode will *not* be immune to this attack, because it supports MD5-based signatures. http://blog.didierstevens.com/2009/01/17/playing-with-authenticode-and-md5-collisions/. Fortunately, though, Authenticode uses SHA1 by default, so the attack will work only if the official package is (unwisely) signed using MD5. I've never seen such a package.

The upshot? Rely on the Authenticode signature. It's at least as secure -- and almost certainly far more secure -- than using a side-posted MD5 hash.
« Last Edit: December 11, 2009, 05:07:28 AM by zerospam »

Hermite15

  • Guest
Re: Looking for MD5 Value for avast! Home Edition (Free)
« Reply #6 on: December 11, 2009, 11:12:16 AM »
thanks ZeroSpam, interesting post  ;) ...so I guess posting an MD5 has become useless these days  :'(  ;D

spg SCOTT

  • Guest
Re: Looking for MD5 Value for avast! Home Edition (Free)
« Reply #7 on: December 11, 2009, 04:22:27 PM »
...so I guess posting an MD5 has become useless these days  :'(  ;D

Not necessarily, some still do, if not only for the purpose of quickly checking for a full, uncorrupted download. (which incedently, was the reason that it was asked for ;))

Sakurako

  • Guest
Re: Looking for MD5 Value for avast! Home Edition (Free)
« Reply #8 on: December 11, 2009, 05:56:05 PM »
thanks ZeroSpam, interesting post  ;) ...so I guess posting an MD5 has become useless these days  :'(  ;D
Probably should use at least 3 types of compatible checksum to ensure security, including MD5, SHA-1, or digital signature ~

Hermite15

  • Guest
Re: Looking for MD5 Value for avast! Home Edition (Free)
« Reply #9 on: December 11, 2009, 06:04:54 PM »
they could even use higher sha checksums, like 256 or 512, as those programs like avast are pretty small in size and fast to verify.

Sakurako

  • Guest
Re: Looking for MD5 Value for avast! Home Edition (Free)
« Reply #10 on: December 11, 2009, 06:17:05 PM »
It might be recommended as one of the checksum, depending on the security requirement. However, probably not convenient for general user to find compatible software on download site ~

victor43

  • Guest
Re: Looking for MD5 Value for avast! Home Edition (Free)
« Reply #11 on: December 11, 2009, 11:40:16 PM »
Thanks micky77 to all other posters. Victor.