Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Sunday, July 30, 2017 10:08 PM | 5 votes
Where does MS document the hashes for its retail Win10 downloads (e.g., Win10_1703_English_x64.iso)? I bought Win10 at the MS Store, and the site provided no hash. (Why?)
Also can I use my retail key to activate Win 10 installed from an MSDN ISO? (MSDN, unlike the MS store, provides download hashes).
Update
The hash is not available from customer service; so far, in several attempts to get it, they have:
1. Denied that such a code exists, and when asked why it isn't available, hung up;
2. Said there's more than one, so they can't give me any;
3. Asked for my license key and said that it's valid, so the download is also valid;
4. Said that the download is valid because I got it from the MS store -- despite the fact that it can be corrupted or attacked in transit.
Does anyone at MS take security seriously? Does anyone at MS read these messages?
All replies (17)
Tuesday, August 1, 2017 2:38 AM
Hi,
We can use retail key to active the image download from MS store, but for the ISO downloaded from MSDN, we cannot activate by using retail key.
We could take use of the following tool to compute the hash of the ISO file:
Microsoft File Checksum Integrity Verifier
http://www.microsoft.com/en-us/download/details.aspx?id=11533
Reference:
Availability and description of the File Checksum Integrity Verifier utility
https://support.microsoft.com/en-us/kb/841290
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Tuesday, August 1, 2017 8:15 PM | 1 vote
I know how to compute the hash. I need an official MS hash to compare my computed hash against. Where can I find the official hash? Why was it not provided by the MS store?
Wednesday, August 2, 2017 6:33 AM
Hi,
I wouldn't completely dismiss ISOs not downloaded from Microsoft servers as non-genuine.
Also, I have to say there is no publish site list all ISOs hash for Windows 10. You can feedback on Feedback Hub about your concern.
I tell you the Hash if you can tell me which ISO you would like to verify.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Wednesday, August 2, 2017 8:27 PM | 1 vote
I tell you the Hash if you can tell me which ISO you would like toverify.
Win10_1703_English_x64.iso . Please post SHA1 or better (e.g., SHA256). BTW, where does your hash come from?
Also, I have to say there is no publish site list all ISOs hash for Windows 10. You can feedback on Feedback Hub about your concern.
Is that the "Site Feedback" link at the bottom of this page? Or something else?
I wouldn't completely dismiss ISOs not downloaded from Microsoft servers as non-genuine.
I didn't ask this question. I downloaded the ISO from an MS server. Of course, any download can be corrupted -- or attacked -- in transit, which is why the publisher always should provide, over https, either (1) a reliable hash (SHA1 or better) and an exact byte length; and/or (2) a reliable digital signature (e.g, GPG).
Friday, August 4, 2017 10:31 AM
Hi,
"I didn't ask this question. I downloaded the ISO from an MS server. Of course, any download can be corrupted -- or attacked -- in transit"
I agree with you. The feedback Hub is build in app in Windows 10, you can submit your advise or suggestion for anything about Windows 10.
I Will post back the SH1 later for you.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Sunday, August 6, 2017 6:43 PM
> I Will post back the SH1 later for you.
?
Tuesday, August 8, 2017 8:33 PM
> I Will post back the SH1 later for you.
ETA?
Tuesday, August 8, 2017 8:34 PM
| I Will post back the SH1 later for you.
Do you have an ETA for this post?
Wednesday, September 20, 2017 2:07 PM | 1 vote
Microsoft should totally publish these. I've downloaded the x64 image twice and the hash matched both times, only downloaded x32 once but hopefully it should be right too. Here's what I got:
md5:
6c8bd404dd95a286b3b3ef3a90e2cb34 Win10_1703_English_x32.iso
effccfda8a8dcf0b91bb3878702ae2d8 Win10_1703_English_x64.iso
sha1:
1af7b5b5914b718c3f2f6e58907f51c36f8a03c1 Win10_1703_English_x32.iso
ce8005a659e8df7fe9b080352cb1c313c3e9adce Win10_1703_English_x64.iso
sha256:
353578c9ece65f49106e058c35455ef010d933ca132708b8424ec8163b5709dc Win10_1703_English_x32.iso
b842a801bf1dedf3acbfd909f91fb2a741eef20fda133daa1878e46a07ec9237 Win10_1703_English_x64.iso
Tuesday, November 7, 2017 9:46 PM | 2 votes
Here's an archive of all Win 10 ISO files (and all the other stuff from the MSDN / Visual Studio portal):
https://www.heidoc.net/php/myvsdump.php
Friday, December 15, 2017 12:00 AM
Hello, As the original poster of this thread asked before; will you kindly tell your source of this information for the hash regarding the windows 10 ISOs please.? I ran them on what I have and got a match, so thank you for that. I would just like to know where you actually got these figures. Enjoy your night! (;
Friday, December 15, 2017 12:28 AM
I believe I've been pretty clear on the source of the hashes on the site I referenced... They come from the download portal on my.visualstudio.com.
If you want to verify for yourself, you'll need to have an MSDN subscription (or reverse engineer the API).
Sunday, March 31, 2019 5:28 PM
Here another archive:
I believe itsrun by this guy:
https://twitter.com/rgadguard?lang=en
https://tb.rg-adguard.net/public.php
Sunday, April 28, 2019 1:30 PM
But, this is utterly redundant - as you have no idea whether these are authentic hashes or not.
Microsoft are the only organisation that should publish a hash for its ISOs, PERIOD.
If it cannot publish a hash the user cannot authenticate that this is authentic ISO released by Microsoft.
Does nobody, other than a small group of people, not understand this? Or is Microsoft trying to lure people into a false sense of security.
Saturday, June 8, 2019 3:33 AM | 1 vote
Every time I accidentally visit Microsoft "support" site, I end up infuriated. Like seriously, most every piece of software available to download lists a AT LEAST one checksum, and many include multiple, such as MD5, SHA1, and SHA256. This is amateur level stuff, and is somehow met with total ignorance and "misunderstanding" of why anyone would want/need this information.
If was a new developer on GitHub, I would understand it, but no way that such a vast network of developers operating on the scale of Microsoft has not not thought of this, and doesn't see its value, yet where he are, still no checksums to compare. Do you really expect people to have to open a support question for each and every download so that someone can "get back to them" with the results? This is comical.
I compare checksums for the simple purpose of checking file integrity, ESPECIALLY ON AN INSTALLER IMAGE!
Let's say something went foobar during my download, a small sector got screwed up. I being unaware proceed to flash the image to a USB stick, proceed through an install process, format by existing drives, and during install it comes across this bad part and BOOM, bricked system, have to go through booting into Linux live media to attempt to get this all fixed. Could have been preventing by simply knowing my installer image was corrupted to begin with.
This is not some "edge" case, this is COMMON, just take a look at google for people searching "windows installer 0x800XXXXX" errors. Is listing checksums really that foreign of a concept?
Wednesday, September 11, 2019 3:24 AM | 1 vote
ETA on when (or if) we'll ever get any Microsoft employee, literally ANY Microsoft employee who has access to the Windows ISO files locally, to provide us with some basic MD5, SHA1, and/or SHA256 hashes?
It doesn't even have to be local access. Let's say as long as it wasn't downloaded over a WAN connection, and doesn't take >100 hops on the LAN to get there, let's call it good if you get 2 separate downloads that generate identical hashes.
Even just the most recent publicly available version of the Windows 10 ISO would help a ton of people.
It may be too much to assume that MS stores the ISOs available for download in some centralized fashion. And even if they did, I guess it's too much to ask for say, a PowerShell script that finds all ISOs within a folder, calculates the MD5/SHA1/SHA256 checksums of each, then pulls each of them into a single folder ready for publishing under any valid microsoft.com URL.
I guess it's even too much to ask for an ETA on such a project.
Tuesday, December 31, 2019 2:13 PM
And I believe this is why MS is not going to make the next 10 years.
They've long operated under the assumption that their users are idiots (and tried to keep them that way).