7

Why the fuck is the link for Ubuntu Gnome 17.04's MD5 returning a 403? WHAT THE FUCK

Comments
  • 0
    @rEaL-jAsE I'd rather check the MD5 first, but you do you :)
  • 1
    Just download the fucking thing.
  • 1
    @Cyanide my internet is shit and I'm very OCD about security.

    Does that explain why I won't just fucking download it?
  • 0
    @DucksCanCode Haha. Sorry for irritating you :) Do what satisfies you.
  • 0
    Isn't MD5 not secure anymore?
  • 2
    @c3ypt1c you... It... MD5... WHAT?!?

    it's the hash for the file... It doesn't need to be secure for a hash. If ANYTHING is different, the hash is different. It's to check file integrity.
  • 1
    @DucksCanCode Pigeonhole principle. When the hash is shorter than the data being hashed, collisions are inevitable.
  • 0
  • 0
    Tell me if I'm being stupid, but doesn't TLS have some form of MAC, so that messages cannot be altered (or corrupted) easily?
  • 0
    I'm interested too. If someone was able to alter the file you download, wouldn't they be able to alter the hash too?
  • 1
    @sSam checksums are typically gpg-signed, so if someone altered the file containing the hashes you'd notice that.
    Eventually it comes to a point where the information that you need to verify that everything is correct is so widespread that you can't possibly replace all sources with a corrupted version
  • 0
    @sSam not that I can think, it's like a file fingerprint. To match the hash on their site with the file, you'd have to either modify the hash on the site to match your dirty file, or if you're targeting a specific person swap their md5sum with a script that checks if the file is your ISO then spit out the websites hash.
  • 0
Add Comment