Official WinHasher Site: http://www.gpf-comics.com/dl/winhasher/
Last Updated November 30, 2007
From Wikipedia:
In cryptography, a cryptographic hash function is a transformation that takes an input and returns a fixed-size string, which is called the hash value. Hash functions with this property are used for a variety of computational purposes, including cryptography. The hash value is a concise representation of the longer message or document from which it was computed. The message digest is a sort of "digital fingerprint" of the larger document. Cryptographic hash functions are used to do message integrity checks and digital signatures in various information security applications, such as authentication and message integrity.
A hash function takes a long string (or "message") of any length as input and produces a fixed length string as output, sometimes termed a message digest or a digital fingerprint. A hash function (also called a "digest" or a "checksum") is a kind of "signature" for a stream of data that represents the contents. One analogy that explains the role of the hash function would be the "tamper-evident" seals used on a software package.
In various standards and applications, the two most-commonly used hash functions are MD5 and SHA-1.
For more information, look up "cryptographic hash function" on Wikipedia.
As described in the synopsis above, one of the primary uses of cryptographic hashes is to verify and validate computer software or digital files. It is common practice among many developers, especially in the Open Source community, to provide a hash of a file next to its download link. Once the user has downloaded the file, they can generate a hash using the same hashing algorithm on their own machine and compare this computed hash to the hash listed on the originating site. If the two hashes match, the user can then safely assume that (1) the downloaded file arrived intact and uncorrupted and (2) it has not been tampered with since the original hash displayed on the site was posted.
However, security experts will wisely caution that this does NOT guarantee that downloaded file is completely safe. A hacker or malicious system administrator could have easily modified the file after the developer posted it, recomputed the hash, and placed the modified file and hash in the original's place. It also does not guarantee that the file is free from viruses, trojans, or other malware that have infected the file before the hash was computed. Therefore, cryptographic hashes should be just one in a series of checks a user should perform before deciding that a file downloaded from the Internet is safe to use.
Cryptographic hashing is readily available on many computer operating systems. It often comes built-in to the OS or as a (relatively) standard optional package. Mac OS, Linux, Free/OpenBSD, and many other OSes include OpenSSL as either a pre-installed or easily installable optional component. OpenSSL includes several command-line components for generating cryptographic hashes and there are number of graphical user interface (GUI) applications that allow point-and-click access to its capabilities.
Not so with Microsoft Windows. Windows does not include any built-in utilities for cryptographic hashes, and installing and using OpenSSL on Windows is not a trivial matter. The typical Windows user of today is much less familiar with the Windows Console (i.e. command line) let alone compiling software from source. And while cryptographic hashes are pretty much standard in programming libraries such as the Microsoft .NET Framework, the user is required to write and compile their own applications to use them.
This "hashing divide" has annoyed me for some time. While I consider myself to be an operating system agnostic and find myself equally home on both Windows and Linux, there are many times I've downloaded Windows-only software but didn't have the capability to verify the file's hash. Either I've been unable to install and run OpenSSL on a given machine, or I haven't had the time or access to a Linux box to copy the file over, generate the hash, and verify it before install. So I wanted to create a quick, simple, easy-to-use Windows app so I could get the hash of a file without waiting or moving it around. I also thought it would be a nice idea to be able to quickly compare the hashes of multiple files without having to generate each one and manually check every hexadecimal digit, so I added that functionality too. After writing the program, I thought it might be useful to others, so I decided to share.
WinHasher supports the following cryptographic hashes, which are made available by default through the Microsoft .NET Framework either as pure managed classes or interfaces to the unmanaged Microsoft CryptoAPI:
In addition, the following hashing algorithms have been added, either from freely available sources or completely written from scratch by myself:
It is my eventual goal to include other cryptographic hashes into this application, either by including code from freely available sources or by writing the algorithms myself.
[ Return to Table of Contents ]
The primary system requirement for WinHasher is the Microsoft .NET 2.0 Framework. This is a special series of common libraries that specially-built applications can call upon to provide standard Windows functionality. (Hard-core developers will recognize this is a gross oversimplification, but that should suffice for most people.) As such, WinHasher will not work unless .NET 2.0 is installed. .NET itself has its own system requirements that must be met in order for it to be usable, but if your system meets these requirements running WinHasher will be no problem.
To download the Microsoft .NET 2.0 Framework or obtain more information about it, click here. It should also be available through Windows Update or Microsoft Update on most versions of Windows newer that Windows 98SE. Note that .NET 3.0 or higher is NOT an "upgrade" from 2.0; it is a separate framework, designed to be installed alongside 2.0. So if you have .NET 1.1, 3.0, or any other version of the framework installed, you still must install .NET 2.0 for WinHasher to work.
Beyond .NET's own requirements, WinHasher doesn't require much. However, since cryptographic hashes are very CPU intensive to produce, it should be pointed out that WinHasher will perform better with more RAM and CPU horsepower available. Therefore, the faster your CPU is and the greater amount of free RAM available, the faster WinHasher will work. This is especially true for multi-file comparisons of very large files.
Installing WinHasher should be a breeze, thanks to InnoSetup. Simply download and run the installer program, just like you would for virtually any Windows application. However, the setup program include a number of options that can get confusing, so let's talk a little about each one.
After choosing the install location, you will be presented with a series installable "components." There are three main components: the WinHasher Windows application, the WinHasher console (command-line) application, and the HTML help files. Since this help file pertains to the Windows application, we will ignore the console application option for now; suffice it to say that if you don't work with the console much, you probably won't need the console version of WinHasher. Installing the HTML help installs this file and the necessary shortcuts to access it.
Under the Windows application component, there are a series of subcomponents. The first is the option to create a desktop icon. This option will put a shortcut to WinHasher directly on your Windows desktop. If you install WinHasher from an administrator account, this will place the icon on the desktop for every user on that machine; otherwise, it will only install the icon for you alone.
After the desktop icon option, you will see a series of shortcuts that can be placed in the "'SendTo' menu". This corresponds to the "Send To" option in the context menu in Windows Explorer. You can chose to install all the shortcuts, or just the shortcuts for hashes that you intend to use. Note, however, that even if you install WinHasher as an administrator, these shortcuts will only be installed for your login. For more information on these Send To shortcuts, see the relevant section below.
One of the beauties about using the .NET Framework to develop WinHasher is that it's technically not restricted to Microsoft Windows. Anyone can (in theory) develop their own .NET framework based on Microsoft's specifications to run on any platform, and thus run any .NET application built for that framework. Mono is one such project which runs .NET client and server applications on Linux, Solaris, Mac OS X, Windows, and Unix. However, at the time of this writing, Mono mostly supports .NET 1.1 and only partially supports .NET 2.0. MoMA reports that WinHasher should work with Mono 1.2.5 (or higher, I assume). However, I do not plan to officially offer support for non-Windows use of WinHasher. Personally, I think there are much better tools already available for other OSes, and you'd be better off using those instead. Still, if you're a glutton for punishment, feel free to give it a try.
[ Return to Table of Contents ]
How you launch WinHasher depends on what options you installed. You can always launch WinHasher by going to the Start menu and navigating to the WinHasher group. Then just select the WinHasher menu item and it will start right up. If you chose to install a WinHasher icon on your desktop, you can also double-click that icon to launch it.
When WinHasher opens, it creates a small window with two tabs and a series of common controls. The two tabs represent the two main functions of WinHasher, while the common controls apply to the program as a whole.
At the bottom of the WinHasher window is a series of common controls that apply to both functional tabs. The most important of these controls is the Hash drop-down list. This drop-down allows you to select which cryptographic hash to perform in the next operation. There are a number of hashes available in WinHasher; which hash you use is up to you. Each one has its strengths and weaknesses. However, if you are planning to validate a downloaded file, chances are that you'll have to select the same hash as the one used by the file's site online. If generating hashes for your own purposes, try to take into account the various caveats when choosing an algorithm to use.
Next to the Hash drop-down is the About button. This button displays another window that shows the version number, copyright and license information, and (if this file is present) a button to launch this help file. On the other side of the About button is the Close button, which oddly enough closes WinHasher. WinHasher can also be closed by the standard Close button in the title bar or by the standard Windows Alt+F4 hotkey combination.
The Hash Single File tab allows you to compute the cryptographic hash of a single file. To select a file, either type the full path to its location in the File to Hash text box, or click the Browse button to open a file dialog and select the file from there. If you browse to find a file, its location will be populated into the File to Hash box once the browse window closes. Once a file is selected, the Compute Hash button becomes enabled. Select a hash from the Hash drop-down and click this button, and the computed hash will appear in the Hash text box. To hash a different file, repeat the same process for each file that you want to hash. If for some reason an error occurs, the File to Hash box will clear and the Compute Hash button will become disabled.
In general, computing the hash of a single file is a quick operation. However, note that the larger the file is, the longer it will take to compute its hash. The size of the file should not cause any problems; WinHasher streams the file once it opens it, so it can be of any arbitrary length. However, if there's a lot of data to hash, it will take longer to get the result.
While performing the hash, WinHasher displays a small progress dialog box showing how far along the hash is. There is a Cancel button on this dialog; click this button will abort the hashing process. The dialog will disappear when the hash is complete.
The Compare Files tab allows you to compute the hashes of several files at once and automatically compare the hashes to see if the files are the same. Note that files are considered "the same" only if their binary contents compute to the same hash. Thus, the file's name, location, and time stamp are unimportant; only its contents are compared. The individual hashes for each file are not displayed. Instead, a summary dialog appears, indicating whether the files match or not. Note that this is an all or nothing comparison: If every file in the list computes to the same hash, then they are all said to match; if at least one file has a hash different from the rest, then all the files fail. For this comparison, which hash you choose is largely unimportant, but a general rule of thumb is that the more bits that are available in the hash, the less likely it will be that you'll hit upon a collision (i.e. an artificial false-positive match).
To start comparing files, click the Add button in the bottom left corner of the tab. A file dialog will appear where you can select one or more files. Note that you can select as many files as you want in this dialog. When you click the Open button, the file dialog goes away and the selected files are added to the Files to Compare list box. To add more files, click Add again, select more files, and click Open. Note that a file with a given name and path can only be added to the list once; if a duplicate file is added, it is silently dropped. (Files with the same name but different paths are not considered duplicates.) If you want to remove one or more files, click the file's name in the Files to Compare list box. You can use the standard Shift+Click or Control+Click combinations to select multiple files at once. When at least one file is selected, the Remove button becomes enabled. (The Remove button becomes disabled when no files are selected in the list.) Click the Remove button to remove the files from the list. Repeat this process of adding and removing files until you have the complete list of files you want to compare. As a shortcut, you can clear the entire list with one click of the Clear List button.
Once your list is complete, select the hash to use with the Hash drop-down. The Compare Hashes button should become enabled if two or more files are in the list box. (If the list is empty or there's only one file, this button will become disabled.) Click this button to generate and compare the hashes. Note that this operation could take a long time, and the wait will grow longer depending on the number and size of the files being compared. A progress dialog box will appear, indicating how many files have been successfully compared so far. It also contains a Cancel button to allow you to abort the comparison. Once the comparison is complete, a resul dialog box will appear with the result. Remember, this is an all-or-nothing comparison; either they all match, or they all don't.
WinHasher supports dragging and dropping of files. Instead of going through the various buttons in the interface, you can drag files from Windows Explorer into WinHasher. The action to be performed depends on which tab is active at the time, so make sure to select the tab of the operation you want before you drop your files.
If you drop a single file on the Hash Single File tab, that file's location will be populated in the File to Hash text box and the hash specified in the Hash drop-down will be automatically computed. To use a different hashing algorithm, change the hash in the Hash drop-down and click the Compute Hash button. If you drop multiple files into this tab, it will produce an error, as this tab only works on one file at a time.
If you drop one or more files onto the Compare Files tab, the files' paths will be added to the Files to Compare list box. Duplicate paths are silently dropped. Files that are already in the list are preserved, so you can drag and drop files from various locations and slowly build up your list without clearing it. Removing files operates as described above. Once the list is ready, you can click the Compare Hashes button to compare the files.
When you install WinHasher, you are given the option to add WinHasher shortcuts in the "Send To" portion of the Windows Explorer context menu. This menu appears when you (usually) right-click a file in Explorer and gives you the option to open, copy, cut, rename, see the properties of, etc. the selected file or files. (Of course, if you've swapped your mouse buttons, left-click to bring up the context menu.) With the WinHasher shortcuts in your Send To menu, computing the hash of a file or comparing multiple files is as simple as a click away.
To compute the hash of a single file, select that file in Windows Explorer and right-click to bring up the context menu. Select Send To, then the WinHasher hash to compute. What hashes are available depends on which shortcuts you created during the install. Note that each shortcut will use a single hashing algorithm (for example, "WinHasher MD5" will only perform MD5 hashes). Once the shortcut is selected, WinHasher will silently load the file and compute the hash. The progress dialog will let you know the process is running; the main application window will not open. When the hash is ready, the progress dialog will disappear and a dialog box will appear, displaying the computed hash. When the dialog is dismissed, WinHasher will silently close.
To compare multiple files, select each file to compare using the standard Windows Explorer Shift+Click and Control+Click actions. Once all the files are selected, right-click to bring up the context menu, select Send To, and then the WinHasher shortcut of the preferred hash. The hash of each file will be silently computed and compared and the progress dialog will let you know how far along the process is. A single dialog will eventually appear showing the results. When the dialog is cleared, WinHasher will exit.
[ Return to Table of Contents ]
This document is © Copyright 2007, Jeffrey T. Darlington. It and the software it describes are released under the GNU General Public License, Version 2.