md5 Checksum
Posted: Thu Nov 22, 2018 10:26 pm
by marc.andre.luscher
Where is the "md5 Checksum" of PureBasic 5.62 Setup File (x86 & x64)?
Re: md5 Checksum
Posted: Thu Nov 22, 2018 10:33 pm
by User_Russian
Here.
Code:
UseMD5Fingerprint()
Debug FileFingerprint("PureBasic 5.62 Setup.exe", #PB_Cipher_MD5)
Re: md5 Checksum
Posted: Fri Nov 23, 2018 11:33 am
by NicTheQuick
I don't think he wants to calculate the checksum; he wants to know the original checksum to compare it to the one he downloaded.
Re: md5 Checksum
Posted: Fri Nov 23, 2018 5:25 pm
by marc.andre.luscher
Exactly! I want to verify the PureBasic 5.62 (x86 & x64) for Windows, Full Version, downloaded from the "Registered users area".
Re: md5 Checksum
Posted: Fri Nov 23, 2018 6:30 pm
by NicTheQuick
All I can do is download it myself, md5 it and send you the checksum. But the better way would be for Fred to put the MD5 or, better, SHA256 checksums online.
But why do you want to check the checksum in the first place? Are you not sure if your browser, DNS settings or similar things were manipulated?
Re: md5 Checksum
Posted: Fri Nov 23, 2018 7:22 pm
by skywalk
This would be a security check that the PureBasic download site was not altered. Better to use sha256.
Re: md5 Checksum
Posted: Sat Nov 24, 2018 2:53 am
by Dude
skywalk wrote: This would be a security check that the PureBasic download site was not altered.
That's what the entire point of HTTPS is for. No need to checksum anything.
Re: md5 Checksum
Posted: Sat Nov 24, 2018 4:01 am
by skywalk
I was not questioning https. Merely, that I am downloading a trusted file from a provider.
I don't really know the PureBasic servers, so I must trust they are genuine. Without a remotely secured hash of the install package, it is possible, though difficult, for a bad actor to replace the installer on the download server. You really should verify the files you download or run them in virtual machines.
Re: md5 Checksum
Posted: Sat Nov 24, 2018 9:14 am
by #NULL
If the website itself is compromised then a hash offered by it could be as well, so it's pointless. It would only help if your connection had been compromised when downloading the installer and if it's not compromised when downloading the hash. Even if the hash were hosted by a different server, you have to equally trust that other server and your connection. I have the suspicion someone wants to compare an installer acquired by other means. Note that "Registered users area" is the caption used before you log in. But I don't want to falsely accuse anybody.
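Added example, not part of any post in this thread: a Python sketch of the comparison under discussion, checking a downloaded file against a SHA-256 value obtained from a source you trust. The sha256sum-style manifest format, the function names and the sample bytes are assumptions constructed for the demo; the thread gives no published checksum for PureBasic 5.62.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algo="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so a large installer is never loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<hex>  <name>' or '<hex> *<name>'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed digest for {name!r}")
        entries[name] = digest
    return entries

def verify(path, manifest_text):
    """Return True only if the file is listed and its SHA-256 matches."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return False  # an unlisted file is treated as unverified, not as OK
    return hmac.compare_digest(file_digest(path), expected)

def demo():
    """Constructed sample: a stand-in file and a manifest built for it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "PureBasic 5.62 Setup.exe")
        with open(path, "wb") as f:
            f.write(b"constructed stand-in bytes, not the real installer")
        good = f"{file_digest(path)}  PureBasic 5.62 Setup.exe\n"
        ok = verify(path, good)
        with open(path, "ab") as f:
            f.write(b"\x00")  # one appended byte changes the digest
        return ok, verify(path, good)

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the channel the manifest came from, which is the point the last posts argue about.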