Hi Well, i may even throw-in my 2 cents to the subject, and tell me if i am wrong: A fedora was burned, and the burned cd did not mach the iso. Now , I dl-ed fedora, and had to burn the iso 3 times, before i got one that actually tested ok. All that on a burner that did not produce a single coaster in a year or so, and did not produce abovementioned coaster since. I really dont have a good explanation, but this is what i experienced. needless to say, the other 2 isos where ok the first time :-) Cheers Szemir
On January 21, 2004 20:15, Curtis Sloan wrote: > On Wed, 2004-01-21 at 19:44, Trevor Lauder wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Curtis Sloan said: > > > On Wed, 2004-01-21 at 11:43, Jason Louie wrote: > > > The answer lies is in the way the MD5 algorithm works. It produces a > > > unique 128-bit checksum for any given arrangement of bytes. > > > > Not to throw another variable into the mix, but it is possible to have 2 > > completely different files with the same MD5 checksum. The algorithm > > creates enough different checksums to make this improbable but it is > > still a possibility. That is why md5 has never been sufficient evidence > > that files are the exact same, which is why they also use gpg/pgp to > > verify files. > > Actually, GPG/PGP signing is used to verify that the source of the > files/MD5 checksums are 'trustworthy' (i.e. that a hacker didn't breach > a server, replace the files and create new checksums to go with the > trojaned files). The premise of 'signing' a file is that the asymmetric > public key cryptography is at least as hard as MD5 to crack, and as such > 'verifies' that the MD5 checksum provided is the one hashed out by the > author of the file. So, in essence, it verifies the verifier. :-P > It's one level deeper in the security scheme. > > > The chances of this happening are extremely small though. > > That's true. :-) > > From the RFC (link below): > > [The MD5 algorithm] takes as input a message of arbitrary length and > produces as output a 128-bit "fingerprint" or "message digest" of the > input. It is conjectured that it is computationally infeasible to > produce two messages having the same message digest, or to produce any > message having a given prespecified target message digest. The MD5 > algorithm is intended for digital signature applications, where a large > file must be "compressed" in a secure manner before being encrypted with > a private (secret) key under a public-key cryptosystem such as RSA. > > The key words here are "computationally infeasible", as opposed to > mathematically infeasible. Basically, the MD5 algorithm has the > potential to be reversed, but our current computers are not up to the > task (yet). > > For more on MD5, see http://www.faqs.org/rfcs/rfc1321.html > > Curtis > > > Cheers, > > > > Trevor > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.2.3 (GNU/Linux) > > > > iD8DBQFADzj7BsV2IjgYy+cRAnYFAKDRF58Grrgi3bZenaHyCoyYpkykWQCeOZOB > > eq4SBnm6o1Rx8eNJmXwx2/U= > > =8KKw > > -----END PGP SIGNATURE----- > > > > _______________________________________________ > > clug-talk mailing list > > [EMAIL PROTECTED] > > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > > _______________________________________________ > clug-talk mailing list > [EMAIL PROTECTED] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
