l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 7: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2002 May 17 00:06

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] MD5 Checksums and Public Downloading
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] MD5 Checksums and Public Downloading



Quoting Micah Cowan (micah@cowan.name):

> Can somebody explain to me what the point is for generating checksums
> for verifying downloaded files? 

It's supremely annoying to download 660 MB, burn it to CDR, get a
coaster, and be uncertain as to why.  Quickly checking the md5sum
catches the mangled file immediately.

This is particularly important when you are either making the files
available electronically for others, or have others relying on your
CD-ROM collection (and you don't have time to check the CD contents,
minutely).

> I should think that such things as PGP signatures would be infinitely
> more valuable to ensuring the integrity of data.

1.  You mean GnuPG.  PGP is a dead proprietary product.

2.  PGP/GnuPG isn't designed for signing of large files.  I'm not even
sure what happens if you try that.  I'm not sure it hashes the entire
file.  MD5 was designed to do exactly all of that, and is fast for what
it does.

3.  For those GnuPG signatures to be useful for authentication requires
a raft of other things, including reliable distribution of public keys
and/or an extensive web of trust.

-- 
Cheers,     "Learning Java has been a slow and tortuous process for me.  Every 
Rick Moen   few minutes, I start screaming 'No, you fools!' and have to go
rick@linuxmafia.com       read something from _Structure and Interpretation of
            Computer Programs_ to de-stress."   -- The Cube, www.forum3000.org
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.