
Re: [debian-knoppix] Embedding md5's in iso's...

> Ok, I was a little confused here at the first reading, because it looked
> like you planned to add the MD5sum into the ISO image, thus changing its
> MD5sum, which would require to recalculate the MD5sum, which would be
> inserted...
> But after reading through the source tar, I understand what it does. ;-)

Yes, it's an interesting technique. The entire user data area is scanned
but not modified because the resulting MD5 is written to a separate
Application Data area.

> Well, problem here: You need another special program to verify the
> checksums, plus you would have still no guarantee whether the image was
> manipulated by someone, because there is no digital signature embedded.

You can make the data area's MD5 cryptographically traceable to you by
adding its value to the one you already post and sign for the iso image.
Currently, the implantisomd5 outputs this value to the screen but
checkisomd5 doesn't... which would be easy to change.

I wasn't thinking of this in terms of authentication, however... just as
a convenient "built in" way to verify that a copy process had succeeded.
Checkisomd5 is only 40K so it seemed like a very lightweight approach
that could be useful when many generations of copies are made... like
our LUG members wildly do when a new version of Knoppix is released! :) 

Best regards,

-Tom Lisjac
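
The idea described in this message, as an added Python sketch that is not the implantisomd5/checkisomd5 source: hash the image with the ISO 9660 Application Use field (512 bytes at offset 883 of the Primary Volume Descriptor in sector 16) treated as blanks, then store the result in that field. The tag string, function names and sample image are constructed for the example.

```python
import hashlib

SECTOR = 2048
PVD_OFFSET = 16 * SECTOR          # ISO 9660 Primary Volume Descriptor
APP_USE = PVD_OFFSET + 883        # Application Use field, 512 bytes
APP_LEN = 512
TAG = b"EXAMPLE_MD5 = "           # hypothetical tag, not the real tool's format


def digest_excluding_app_area(image: bytes) -> str:
    """MD5 of the image with the Application Use field treated as blanks."""
    h = hashlib.md5()
    h.update(image[:APP_USE])
    h.update(b" " * APP_LEN)       # field contents never influence the sum
    h.update(image[APP_USE + APP_LEN:])
    return h.hexdigest()


def implant(image: bytearray) -> str:
    """Write the digest into the Application Use field; return it for signing."""
    md5 = digest_excluding_app_area(bytes(image))
    field = (TAG + md5.encode()).ljust(APP_LEN, b" ")
    image[APP_USE:APP_USE + APP_LEN] = field
    return md5


def check(image: bytes) -> bool:
    """Recompute the digest and compare it with the implanted value."""
    field = image[APP_USE:APP_USE + APP_LEN]
    if not field.startswith(TAG):
        return False               # nothing implanted
    stored = field[len(TAG):len(TAG) + 32].decode("ascii", "replace")
    return stored == digest_excluding_app_area(image)


def build_sample_image(sectors: int = 32) -> bytearray:
    """Constructed stand-in for an ISO: zero fill plus a minimal PVD header."""
    img = bytearray(sectors * SECTOR)
    img[PVD_OFFSET:PVD_OFFSET + 6] = b"\x01CD001"
    img[20 * SECTOR:20 * SECTOR + 11] = b"sample data"
    return img
```

A modified image that has a fresh sum implanted still passes `check()`, which is why the value returned by `implant()` would have to be published under the existing signature to make it traceable.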

debian-knoppix mailing list
