Why allergic to MD5 and SHA1? just add it to 7-zip
A free file archiver for extremely high compression
Brought to you by:
ipavlov
Menu
▾
▴
#1217 Why allergic to MD5 and SHA1? just add it to 7-zip
I rember I readed discussion with other users requesting those features (there are also closed tickets about that). Years users are asking for those features, years developers focus on other things (and THAT'S THE REASON WHY OTHER ZIPPING APPLICATIONS ARE MORE POPULAR EVEN IF SUCKS COMPARED TO 7-Zip)
The main reason from developers was:
"MD5 and SHA1 are not secure".
If that is the reason to not add 2 simple checksums than that reason sucks. Most sites that provide downloads (Github, sourceforge etc.) Only provide MD5 and SHA1 checksums. If I can't use 7zip to test those checksums isn't that even less secure? ;)
Also If I check size in bytes+MD5+SHA1 that would be enough secure by the way.
Also CRC check is somewhat more obsolete than MD5 (and anyway CRC is implemented at TCP protocol level...)
I guess the real reason why developers of 7zip does not add them is missing time or more interesting features (like 1% more compression ratio at cost of 10% more compression time).
In that case, dear 7-zip users, I finally found an easy way to check MD5 and SHA1 without having to download 3rd party applications from other sites( potentially installing unwanted ad-ware)..
There's a webiste that just do MD5 and SHA1 thanks to Javascript (and a decent browser)
:
since 7Zip is not going to implement essential features (so essential that there's a website dedicated only to those features), and since I'm not going to install anything else but I need MD5 and SHA1, that seems a reasonable solution.
Best regards
MD5 has been cracked (meaning, duplicates for 2 different inputs have been found), to be sure. but yeah, using it as a hash code would be useful for download checking. because of MD5, people switched to SHA1. the lower number of total hash code bits may be part of the reason for the possibility of getting duplicate hash codes for 2 different files. a bigger file I am told requires a larger number of hash code bits.
there is open source code for doing MD5 and probably SHA1 too.
however, in the USA, your project would probably come under the heading of "encryption/cryptography" due to the number of hash bits or the possibility of "obfuscation" and come under Department of Commerce requirements (see sf.net stuff for that for export controls in the admin panel).
that alone might be a reason to simply relegate it to an external program like a commandline tool which are freely available.
Last edit: Jim Michaels 2014-12-20
Agree. Password cracking is easy with MD5, you just have to find a short string with same hash, but integrity check is totally different. MD5 is enough alone and combined with Sha1 is perfect.
Do you seriously think that computing just checksums(without doing any kind on encryption) require to change 7zip to "encryption/cryptography"? So why sha256 is in 7zip?
Demone:
SHA1 is provided by 7zip alright. And I am not sure why would MD5 support be a showstopper for you? Frankly I am even surprised so see any kind of CRC and checksumming exposed in the UI.
There are tons of dedicated tools to handle checksums: I do not see this feature as essential to 7Zip and more like feature bloat IMHO.
You should check things like https://sourceforge.net/projects/md5deep/
I never expected 7-zip to create right click menu file checksums, but if it doesn't include MD5 then what's the point? This is nessicary OR the entire feature is bloat & third party should be used to get full functionality. There is no middle ground.
This is very silly there is no MD5 calculation in the Windows context menu. The developers can have thier strong views on MD5, but all it does is frustrate their end users when publishers don't provide verfication hashes other than MD5. It's borderline outrageous, as far as being angry about a free utility goes. I think it's far better to at least support the idea of hash checking in general and get users in the habbit of actually checking their downloads than to avoid a trivial feature that supports a hash calculation that is still in wide use.
For me, 7-Zip's checksum feature is indespensible because it comes with a base installation. I don't have administrator rights on some computers I use, but 7-Zip is installed.
Last edit: CSTAR 2016-04-16
@CSTAR : Igor is making a gift of code to you.
The least you could do is show some gratitude, respect his choices and not be unpleasant in your comments.
You are welcome to submit a patch and Igor may consider it or not. You are also welcomed to maintain your fork.
As an aside, I see no reason for 7zip to become a kitchen sink of utilities beyond what it does excellently which is dealing with archives. But because you received this gift of code, you can make it better and contribute rather than complaining.
If the reason for MD5 not to be included is security, it doesn't make sense, because CRC32 and CRC64 are included, they are even less "secure" than MD5.
7-zip needs CRC32, CRC64, SHA-1 and SHA-256 in some archive formats: zip,7z,xz and wim. So 7-Zip implemets these hash algorithms.
There are no archive formats in 7-zip that require MD5. So MD5 was not implemented.