Re: bittorrent download

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Anne Wilson wrote:
On Saturday 17 May 2008 19:06, Peter Gordon wrote:
I have just dowloaded Fedora-9-i386-DVD.iso, which seems to be a
complete and correct download.

The md5sum of the downloaded file is 72601f685ea8c808c303353d8bf4d307
while the downloaded file SHA1SUM contains


SHA1SUM is a different (and many think superior) algorithm. Simply run sha1sum against the file, instead of md5sum,, and you should then match your download against the first line in the fedora file.

Right. For a time sha1sum was harder to forge than md5sum, so it was more secure, and still is to some extent. However, a way to forge sha1sum has also been found, and while it's not common yet, sha256sum is now being used.

The good news is that this extra level of protection isn't necessary unless you suspect hackery, rather than just hardware corruption. So while sha256 is better to use for something you download from an unknown source, sha1sum and md5sum are as safe as ever to detect *random* corruption, particularly for checking backups and the like.

It's a matter of security vs. CPU time, for the FC9-KDS-Live CD:
  md5		user    0m1.858s
  sha1		user    0m4.786s
  sha256	user    0m8.249s
  sha512	user    0m32.050s
This is on a Intel 6600, sort of a middle-of-the-road CPU these days. On a smaller, slower CPU (think laptop) this really gets painful. So you decide how likely you are to get errors (random change) or hackery (attempted stealth), and you choose what you need.

Since bittorrent has per-extent CRC, the chances of corruption are slight if you get the torrent file from a safe source. Hope this helps identify the choices.


--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux