Here are my (semi-randomly organised) thoughts on the subject of MD5s
for downloads.
Firstly, MD5 is not a checksum algorithm, it is a hash. That may seem
pedantic but it's an important distinction. The .dmg files in which
Camino is distributed already have a built-in checksum, which should
be quite sufficient for checking for corruption.
As Stuart Morgan pointed out, an attacker who controls a mirror can
easily create an MD5 hash for any malicious files he inserts. So MD5
is only useful for verifying the authenticity of a file if you use
the hash from a master server and the file from a mirror. This
process would be difficult to automate and you still have to trust
that the master site has not been compromised.
The real solution to the problem of verifying the authenticity of
downloaded files is to provide GPG signatures. Then users can have a
high degree of certainty that the file is endorsed by the Mozilla
Foundation, since they can verify the signature with the Foundation's
well-known public key. This shouldn't be too hard to automate either.
The downside is that it would require libgpg.
Cheers,
Josh
_______________________________________________
Camino mailing list
[email protected]
http://mozdev.org/mailman/listinfo/camino
