l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2002 May 16 07:39

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] MD5 Checksums and Public Downloading
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] MD5 Checksums and Public Downloading

Can somebody explain to me what the point is for generating checksums
for verifying downloaded files?  If the primary purpose is security,
what is to prevent a malicious person, either "man-in-the-middle" or
someone who tampered with a repository, from generating a new MD5 sum
for you to verify?  What exactly does the checksum prevent?

If the primary purpose is simply to guard against corrupt data, I'd
hardly think it worth the effort, considering I very rarely get
corrupted data.

I should think that such things as PGP signatures would be infinitely
more valuable to ensuring the integrity of data.  Literally -- since I
still don't understand how checksums accomplish that task at all.


vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.