Re: [opensuse] unique checksum? [Was: best file distribution technology for my case?]
- From: David Brodbeck <gull@xxxxxxx>
- Date: Mon, 09 Apr 2007 12:29:52 -0700
Michael Skiba wrote:
> ...sure it'll be possible to have two files with the same,
> the point is, that it is almost impossible to make use of it to attack
> something, since the file with the same md5sum must be valid and
> contain the destructive code and this will be rather difficult.

Right. On the other hand, if someone has access to the web server to
plant their malicious files, they also have access to the files that
hold the checksums. So in practice checksums are good protection
against files corrupted in transit, but rather weak protection against
malicious modifications. To check for that, you'd use PGP and get the
public key from a keyserver or some other source, *not* from the
webserver you downloaded the file from.
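The distinction drawn in the message above, as an added example that is not part of the original post: a checksum list served next to the file catches damage in transit but agrees with a file replaced on the server, while a reference obtained over a separate channel does not. The pinned SHA-256 digest here is an assumption standing in for the out-of-band trust anchor (the message uses a PGP public key from a keyserver); file names and contents are constructed.

```bash
#!/usr/bin/env bash
# Constructed demo in a throwaway directory; no network, no real packages.
got=$(mktemp -d)   # everything the client received from the download server

# The server hands out the file and a checksum list generated from it.
serve() {
    printf '%s\n' "$1" > "$got/pkg.tar"
    ( cd "$got" && sha256sum pkg.tar > SHA256SUMS )
}

digest() { sha256sum < "$got/pkg.tar" | cut -d' ' -f1; }

# Check A: compare against the checksum list that came from the same server.
check_served_list() { ( cd "$got" && sha256sum -c SHA256SUMS >/dev/null 2>&1 ); }

# Check B: compare against a digest obtained earlier over a separate channel.
check_pinned() { [ "$(digest)" = "$pinned" ]; }

verdicts() {
    local a=FAIL b=FAIL
    check_served_list && a=ok
    check_pinned && b=ok
    echo "served-list=$a pinned=$b"
}

# Failure mode 1: bytes damaged on the way; the checksum list is untouched.
corrupt_in_transit() { printf 'x' >> "$got/pkg.tar"; }

# Failure mode 2: whoever controls the server swaps the file and regenerates
# the list, so file and list agree with each other again.
replace_on_server() { serve "tampered release (constructed sample)"; }

serve "genuine release (constructed sample)"
pinned=$(digest)                     # the out-of-band reference value
echo "clean download:     $(verdicts)"
corrupt_in_transit
echo "corrupted download: $(verdicts)"
replace_on_server
echo "replaced on server: $(verdicts)"
```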