Other Software > Developer's Corner

md5 / sha1 hashes What's the point?

<< < (2/3) > >>

mouser:
not from people mysteriously noticing a random string of hexadecimal digits changed
--- End quote ---

All it takes is one person with an automated website-change watching program to easily and instantly spot (or be notified) when there is a change on a web page. Quite a few people run such tools (including me).

mouser:
Who ever checks that hashes are identical in multiple locations though before checking the download hash matches it?
--- End quote ---

I don't, but some people do.

And really I think the main point is not to prevent the possibility that someone could get fooled into downloading a maliciously modified file.  The point is to set up a kind of early warning system so that it wouldn't go unnoticed if someone were tampering with files, and a way for people who NEED to make sure they have the official release to verify this.

You're never going to be able to prevent a malicious attacker from tricking a few people to downloading a trojaned file.  But you can make it fairly easy to rapidly detect when such attacks are attempted on trusted distribution sites, etc.

Ath:
We also use the md5 to verify ftp downloads on unix as that sometimes messes up downloads.

Ampa:
I use MD5 hashes to quickly run suspicious files through the VirusTotal system... it allows you to see results from their database for a specific file that has been tested in the past, without having to upload the file yourself.

skwire:
I use hash files (mainly SFV files) to verify that my media collections do not get corrupted over time.  They also are great for verifying files after moving them from one computer/drive to another.

Navigation

[0] Message Index

[#] Next page

[*] Previous page