[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [debian-knoppix] Embedding md5's in iso's...

On Fri, Apr 11, 2003 at 06:35:02AM -0600, Tom Lisjac wrote:
> As reliable as most hardware is, corruption from bad ram and erratic i/o
> is a definite risk anytime a CD is copied. To help prevent damaged ones
> from spreading, I've been encouraging the CD swappers at my local LUG to
> start embedding MD5 checksums into their downloaded iso images. With the
> checksum on the media itself, the initial and next generation copies can
> be easily verified against the original iso image.

Ok, I was a little confused here at the first reading, becase it looked
like you planned to add the MD5sum into the ISO image, thus changing its
MD5sum, which would require to recalculate the MD5sum, which would be

But after reading through the source tar, I understand what it does. ;-)

Well, problem here: You need another special program to verify the
checksums, plus you would have still no guarantee whether the image was
manipulated by someone, because there is no digital signature embedded.

Worse: isomd5sum is not available in any Debian repository (yet), and
Windows users could probably not use it at all.

Solution: You can still get the MD5sum of old images from the mirrors.
They are in the "md5-old" subdirectory.

But embedding the MD5 checksum of a complete CD right into the image
itself could be an interesting thing for our LinuxTag hacking contest.

-Klaus Knopper
Klaus Knopper                           Technical Solutions & Finances
knopper@linuxtag.org                          http://www.linuxtag.org/
Phone +49-(0)631-3109371                        Fax +49-(0)631-3109372
LinuxTag 2003 - Europes largest Linux Expo       Where .com meets .org
debian-knoppix mailing list

Reply to: