MD5 file integrity check

I know that hash functions make calculations, and the final result is a string with fixed length. They are used to verify that files are the same - downloaded files, for example. There is a hash presented by the owner of the file, and so the integrity check in this case is a comparison of the 2 hashes.

So is this the only file integrity check, or is there another thing?


Any integrity check short of a byte-for-byte comparison is unavoidably hash-like. That said, before cryptographic hashes like MD5 became commonly used, simpler algorithms generically called "checksums" were used. Some were standardized (try looking up, for example, CRC32) to one degree or another.

The quality of these methods varies widely. A CRC32 checksum can easily miss corruptions or modifications in a file of any substantial size, for example, while any of the common cryptographic functions (e.g. MD5 or SHA*) are pretty good indicators of integrity.

Be careful about what you use and for what purpose, though -- MD5 and SHA-1 are no longer considered secure against malicious attack (they're just fine if you're just using them as a "better checksum", though).


Usually that's all. However this doesn't check who the file came from. The latter is achieved by a digital signature which is more complex.

Also MD5 (as well as SHA-1) has been broken and so should not be used in scenarios where intentional file modification might have occurred. Stronger hash functions should be used.
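
As an added example (not part of the original answers), here is one way to do the hash comparison described above with a stronger hash function, streaming the file and comparing against a published `sha256sum`-style line. The function names, the allowed-algorithm list and the sample file are assumptions constructed for illustration; a matching digest shows integrity only, not who published the file.

```python
import hashlib
import hmac
import os
import tempfile

# Assumed policy for this example: MD5 and SHA-1 are deliberately excluded.
STRONG_ALGORITHMS = {"sha256", "sha384", "sha512", "sha3_256", "blake2b"}


def file_digest(path, algorithm="sha256", chunk_size=1 << 16):
    """Hash a file in fixed-size chunks so large downloads never sit in memory."""
    if algorithm not in STRONG_ALGORITHMS:
        raise ValueError(f"refusing weak or unknown algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_line(line):
    """Parse one 'HEXDIGEST  FILENAME' line, the layout sha256sum writes."""
    digest, _, name = line.strip().partition(" ")
    digest, name = digest.lower(), name.lstrip(" *")  # '*' = binary-mode marker
    if not digest or not name or not set(digest) <= set("0123456789abcdef"):
        raise ValueError("malformed checksum line")
    return digest, name


def verify_file(path, checksum_line, algorithm="sha256"):
    """Return True only if the file's digest equals the published one."""
    expected, name = parse_checksum_line(checksum_line)
    if name != os.path.basename(path):
        return False  # the line describes a different file
    return hmac.compare_digest(file_digest(path, algorithm), expected)


def demo():
    """Constructed sample: publish a digest, then change one byte of the copy."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "release.tar")
        with open(path, "wb") as f:
            f.write(b"constructed sample payload\n" * 1000)
        published = f"{file_digest(path)}  release.tar"
        intact = verify_file(path, published)
        with open(path, "r+b") as f:
            f.seek(5000)
            f.write(b"X")  # single-byte modification
        return intact, verify_file(path, published)
```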


Hash functions are used for integrity reasons in many areas such as networks. On the other hand, they have a weak notion of integrity, so most of the time they are avoided. They take an arbitrary-length input and they produce (usually compressing the data) a fixed-length output. How is the hash function checked? Like you said, the receiver produces the hash function of the message and then checks the two values. Moreover, this function does not authenticate the sender of the message; that is why "Digital Signatures" exist. When someone signs the message, he cannot deny that he performed the specific action, so signatures provide "non-repudiation" too. You have to be careful, thus, about what function you are going to use. MD5 is weak in contrast to SHA-1, SHA-2. You can also try mcrypt and scrypt, which are the strongest ones.