File verification

If you haven't already done so, I'd like to see a "How to ..." on verifying downloaded files:

checksums and fingerprints.

Finding a good application to run SHA1, SHA256, or MD5 for example can be hard to find.

Checking signatures or fingerprints: now, there be monsters.

This can be daunting. And, like all good tekies, we should be verifying our downloads.

If Wendell were to take this challenge, please slow him down. His Steam install was lightning fast - for me.

I second this PGP is good but, is a little difficult for laymen or people new to encryption to start using.

http://implbits.com/products/hashtab/

Good idea for a video.

A hash in case your not aware, does not conform a file has been unhampered when you download it. Part of the reason for this is if you ask where did you get the hash to compare in the first place ? Its almost always from the same site you download it from, so if the file is compromised the hash likely is as well.

You see md5 hash's a lot on linux iso's and similar things, the only reason they exist is for checking your file wasn't corrupt in download.

if you run linux its super simple. Download the file and hash and run (if its md5): md5sum -c <hash file>

It will calculate the hash of the download file and compare it to the hash file for you.

On windows you'll need a program.

PGP signing is more useful to ensure the file hasn't been compromised. Assuming the persons PGP key isnt compromised. These are used on some Linux package managers if i remember right.

http://www.slavasoft.com/hashcalc/

Boom