Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@Cyanide my internet is shit and I'm very OCD about security.
Does that explain why I won't just fucking download it? -
@c3ypt1c you... It... MD5... WHAT?!?
it's the hash for the file... It doesn't need to be secure for a hash. If ANYTHING is different, the hash is different. It's to check file integrity. -
@DucksCanCode Pigeonhole principle. When the hash is shorter than the data being hashed, collisions are inevitable.
-
cyclic3387yTell me if I'm being stupid, but doesn't TLS have some form of MAC, so that messages cannot be altered (or corrupted) easily?
-
sSam14837yI'm interested too. If someone was able to alter the file you download, wouldn't they be able to alter the hash too?
-
endor56667y@sSam checksums are typically gpg-signed, so if someone altered the file containing the hashes you'd notice that.
Eventually it comes to a point where the information that you need to verify that everything is correct is so widespread that you can't possibly replace all sources with a corrupted version -
@sSam not that I can think, it's like a file fingerprint. To match the hash on their site with the file, you'd have to either modify the hash on the site to match your dirty file, or if you're targeting a specific person swap their md5sum with a script that checks if the file is your ISO then spit out the websites hash.
Related Rants
Why the fuck is the link for Ubuntu Gnome 17.04's MD5 returning a 403? WHAT THE FUCK
question
ubuntu gnome
ubuntu
md5
security