
Re: Warning Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System





On 2/23/2016 3:08 AM, Nicolas George wrote:
> On quintidi 5 Ventôse, year CCXXIV, Thomas Schmitt wrote:
>> The ISO checksums are provided more for transport verification than
>> for the fight against intentional manipulation.
> If that were true, CRC32 would be enough.


Is that a 'Law of averages' thing?

I'll leave the security stuff to others.

If you take security out of the equation, simple true or false.

1. A corrupted download is better able to be detected when using MD5 than it is with CRC32.

2. A corrupted download is better able to be detected when using SHA than it is with MD5.

I don't typically have an issue with corrupt downloads, but still there are those days where something is a bit flaky somewhere in the chain and downloads show intermittent periods of inactivity, sometimes failing and having to be resumed or restarted, sometimes multiple times to get a completed download.

Murphy's law: 'Anything that can happen will happen.' It's possible for a download with random corruption to pass verification; it will happen eventually. The higher the risk of corruption, the higher the odds are, however small those odds might be, that you get a corrupted download that passes verification.

If I have extra reason to suspect corruption might occur I definitely want to use the most capable option for detecting that. Just because that is not generally the case doesn't mean I generally want to settle for a less capable option.

Later, Seeker
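
The odds discussed in this message can be measured directly. The following is an added example, not part of the original message: it truncates CRC32, MD5 and SHA-256 to a few bits so that corrupted copies passing verification become frequent enough to count, under an assumed corruption model (one random 64-byte span overwritten with noise in a constructed 4 KiB payload).

```python
import hashlib
import random
import zlib

# Checksums under comparison: name -> (function returning an int, width in bits).
CHECKSUMS = {
    "crc32": (lambda d: zlib.crc32(d), 32),
    "md5": (lambda d: int.from_bytes(hashlib.md5(d).digest(), "big"), 128),
    "sha256": (lambda d: int.from_bytes(hashlib.sha256(d).digest(), "big"), 256),
}

def truncated(name, data, bits):
    """Keep only the top `bits` bits of the named checksum."""
    fn, width = CHECKSUMS[name]
    return fn(data) >> (width - bits)

def corrupt(data, rng, span=64):
    """Assumed corruption model: overwrite one random 64-byte span with noise."""
    start = rng.randrange(len(data) - span)
    noise = rng.getrandbits(8 * span).to_bytes(span, "big")
    return data[:start] + noise + data[start + span:]

def false_pass_rate(name, bits, trials=20000, seed=2016):
    """Fraction of corrupted copies whose truncated checksum still matches."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    original = rng.getrandbits(8 * 4096).to_bytes(4096, "big")  # constructed payload
    good = truncated(name, original, bits)
    passed = 0
    for _ in range(trials):
        damaged = corrupt(original, rng)
        if damaged != original and truncated(name, damaged, bits) == good:
            passed += 1
    return passed / trials

if __name__ == "__main__":
    for name in CHECKSUMS:
        for bits in (4, 8, 12):
            rate = false_pass_rate(name, bits)
            print(f"{name:7s} {bits:2d} bits: measured {rate:.5f}, "
                  f"2^-bits = {2 ** -bits:.5f}")
    # Extrapolating the same 2^-bits rate to the full widths:
    for name, (_, width) in CHECKSUMS.items():
        print(f"{name:7s} full width: about 1 in 2^{width} corrupted copies pass")
```

At equal width all three behave alike against this kind of random damage; the difference between them in that setting is the 32, 128 or 256 bits of output. The measurement covers accidental corruption only and says nothing about deliberate replacement of a file.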





