Almost everyone who's downloaded software has no doubt come across MD5 sums to verify a package or programs integrity. For those of you who haven't used them the MD5 signature is a 32 character hexadecimal number that is usually displayed next to a filename. While it's theoretically possible that two different files could produce the same hash it is almost impossible for a file to be modified and have its MD5 signature remain unchanged. This makes the crosschecking of MD5 signatures a great way to verify a files authenticity. If you download an executable file from a third party website and it's MD5 signature doesn't match up with the one provided by the developer, don't run it!
Usage is simple, to create an MD5 signature for a file:
# md5sum filename > md5sums.md5
Inside md5sums.md5 you will see:
To check the MD5 signature against the file:
# md5sum -c md5sums.md5
This is all very useful for one or two files but the scope of md5sum is limited to files within one directory. Clever scripting could of course overcome this limitation but if somebody else has already done the hard work then why bother! md5deep is a neat little open source tool which can be run in recursive mode allowing it to traverse entire file systems and generate a report including every file in every directory.
There are a few more optional arguments for md5deep, these enable you to include file size data in the output or chose between different match options during verification.
To generate a list of file signatures for a directory and all subdirectories:
# md5deep -r /data0 > data0md5.sum
And then to check integrity later on:
# md5deep -rx data0md5.sum
Which will output a list of files that do not match their MD5 signature in the provided data file.
md5deep is available to run onalmost all platforms including Windows/Linux/BSD.