l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2002 May 17 00:06

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] MD5 Checksums and Public Downloading
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] MD5 Checksums and Public Downloading

On Thu, 2002-05-16 at 00:13, Peter Jay Salzman wrote:
> begin Micah Cowan <micah@cowan.name> 
> > Can somebody explain to me what the point is for generating checksums
> > for verifying downloaded files?  If the primary purpose is security,
> > what is to prevent a malicious person, either "man-in-the-middle" or
> > someone who tampered with a repository, from generating a new MD5 sum
> > for you to verify?  What exactly does the checksum prevent?
> i think the point here is a preponderance of evidence.  md5sums are
> usually published in a variety of places, and it would be hard for said
> malicious person to tamper with the whole bunch of them.

H'm...  I must have been seeing them in different places than you,
then.  I sometimes see MD5 sums simply distributed side-by-side with the
software they checksum; in fact, it was on seeing this that I posted to
the group (no, I don't remember what software it was).

> > If the primary purpose is simply to guard against corrupt data, I'd
> > hardly think it worth the effort, considering I very rarely get
> > corrupted data.
> you're probably right here, but i think the keyword here is "i" (or
> rather "you").  other people may not be so lucky.  certainly back in the
> 80's when i was using a modem to transfer \/\/arez, errors were pretty
> common place.  modems didn't have error detection like they do today.

People have pointed out that it's useful for very large files, which I
wasn't really considering, and can certainly understand.  I was mostly
interested in its intended purpose for security, really - as I'm having
trouble seeing how that purpose is served.


vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!