Verifier – free open source checksum verification

Viewing 5 reply threads
  • Author
    Posts
    • #1687
      linuxstarved
      Participant

      Black hats have become more and more clever, what once seemed the stuff of hollywood movies, is now reality; good software is being packaged with malware.  A quick google search will reveal that major software repositories (even the likes of sourceforge) have been compromised and unwanted payloads have often been passed off as the regular code that users of the site were looking to download. This is not a new issue, but it is becoming more prevelant and wide spread. As time consuming as it sounds, we have no choice but to verify that the package is what the publishers intended it to be.  The problem is that the programs used for checksum verification cost more than most budgets are equipped for (usually $1.00 past free).

      Once again I have to plead poverty, and by I, I mean my organization.  It may seem trivial to some, but spending $25-30.00 on a “security tool” is unconscionable. For that reason that I had to forgo a lot of very reliable tools, until I found verifier.  I had almost given up hope, when finally the right combination of search terms brought me to this amazing tool, found here http://sourceforge.net/projects/verifier/ Verifier works on 63 hashing algorithms including MD5, SHA-1, Ripemd, etc.  It is an impressive list.  Overall it is a great piece of open source software, but their is one major drawback…it’s old.  The next version was due out Sept. 6, 2004 but apparently that wasn’t to be. I am using it with cautious optimism, hopefully some of you will take the plunge as well.

    • #14206
      0blivi0n
      Participant

      looks quite interesting….i’ll give it a try!
      thanx for the info!!

    • #14207
      Anonymous
      Participant

      @RichM wrote:

      The problem is that the programs used for checksum verification cost more than most budgets are equipped for (usually $1.00 past free).

      There are plenty of free tools to check all manner of checksums. I can think of cksum, md5sum and sha1sum off the top of my head.
      @RichM wrote:

      Once again I have to plead poverty, and by I, I mean my organization.  It may seem trivial to some, but spending $25-30.00 on a “security tool” is unconscionable. For that reason that I had to forgo a lot of very reliable tools, until I found verifier.

      Most sites publish the MD5 and/or SHA1 sums for files they want to distribute, so a tool supporting 63 different checksums may seem overkill. It’s good to have a tool that does all these checksums though, you never know when you might want it.

      Better than checksums for verifying package integrity is cryptographic signing with a public/private key system like GPG. RPM for example has support for signed packages so you can verify their integrity without spending undue time on the process.

      Regards,
      Jimbob

    • #14208
      linuxstarved
      Participant

      Jimbob,

      I can appreciate the tools you mentioned, but they mostly are singular in nature.  I like the idea of having one tool that can do it all. 

      Also, I agree PGP is the way to go, but most vendors barely provide md5 or SHA1 hashes; I think we are a few years away from PGP becoming the norm for the average vendor.

    • #14209
      Don Donzal
      Keymaster
    • #14210
      linuxstarved
      Participant

      Ummm, well yeah…I guess that is why you are the editor 🙂 

      I honestly searched up and down for a freeware checksum verification tool, and Verifier was all I found.  Clearly I need to brush up on my google hacking skills, b/c what you found is more recent (and most importantly relevant). 

      I have never claimed to know everything, and based on this thread I am not going to start now 😉 I have not d/l this prog yet but it is on my short list of to do items.

Viewing 5 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?