Martin Baxter wrote:
> Richard,
>
> What you say is obviously true, there is no ultimate guarantee from
> checksums.
>
> The checksum is not useless though. It gives pretty good confidence
> that the file didn't get altered in transit, whether by a network
> error, a disk writing error, or by the
On 4/22/2014 8:38 PM, Richard Gaskin wrote:
>
> What am I missing?
>
Not much.
If a website is hacked then the file contents and posted checksum can be
changed and then, as you noted, the checksum is useless as a form of
security.
Checksums were originally intended for file integrity security fo
.278305.n4.nabble.com/file-checksums-tp4678556p4678589.html
Sent from the Revolution - User mailing list archive at Nabble.com.
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
On 23/04/14 01:38, Richard Gaskin wrote:
> I see a lot of sites that offer files to download also including an MD5
> value or other checksum, ostensibly so we can verify the integrity of
> the package before running it.
>
> Sounds good, but if a hacker has sufficient control of a server to
> repla
y servers
> at once?
>
> Al
>
>
>
> --
> View this message in context:
> http://runtime-revolution.278305.n4.nabble.com/file-checksums-tp4678556p4678560.html
> Sent from the Revolution - User mailing list archive at Nabble.com.
>
>
Maybe MD5 and SHA-1 are more useful for files
available in many servers.
What are the chances of hacking many servers
at once?
Al
--
View this message in context:
http://runtime-revolution.278305.n4.nabble.com/file-checksums-tp4678556p4678560.html
Sent from the Revolution - User mailing
I’ve wondered the same.
My guess is that the web page with the MD5 is not on the same server as the
file. But, I have never checked. I suppose the same password might be used
for access to both.
Dar
On Apr 22, 2014, at 6:38 PM, Richard Gaskin wrote:
> I see a lot of sites that offer file
I see a lot of sites that offer files to download also including an MD5
value or other checksum, ostensibly so we can verify the integrity of
the package before running it.
Sounds good, but if a hacker has sufficient control of a server to
replace the package, would he not also be able to upda
