why its written md5 along with download of any language such as php,ruby etc?

Question

This question may sound silly but while navigating any computer language site i usually encounter a MD5 value written within bracket or beside the download link of the language.

why MD5 is been provided ? What is its use there ? Does it help in downloading process ? which value's MD5 is given over there ? Is it there release version's MD5 value.

Such as:

1. PHP //MD5 is privided
2. Ruby //MD5 is given
3. Python //again MD5

Why is it so ?

Answer 1

md5 is not strictly speaking encryption. This is a message-digest ("hash") algorithm. It is not reversible. Think of this as a finger print for the file. Other algorithms are available: SHA-1, SHA-256 to name few popular options.

Obviously, all hash algorithms are vulnerable to collision (there is a finite number of hash values, but an infinite number of input documents). The chances of collision "by mistake" are small, but it has been proved since something like 10 years ago that one could forge a fake document having the same md5 hash as the original. In fact, for md5, this is even worst, because I'm able to choose the prefix of the "fake" document, and by adding some "magic garbage" at the end of it, to produce a "fake" archive with the same md5 hash as the original.

As of today, the main use of md5 should be to check the integrity of a document against download errors. Not much more than that.

It shouldn't be used to protect against malicious tempering.

Answer 2

If some of the downloading mirrors will be hacked to inject code in binaries, md5 of binaries will be changed. So by checking md5 of downloaded file you can be sure that your file is not modified.