On Friday, 17 January 2014 at 15:00:38 UTC, Chris Cain wrote:
On Friday, 17 January 2014 at 14:06:57 UTC, Kagamin wrote:
Doesn't TCP take care of that?
For a packet, yes. In general you can assume that if a transfer
completes under TCP then it is very likely correct. That's the
way TCP is designed. If you want to check the entire file at
the end, MD5 could theoretically be done as a sanity check. I'd
still use SHA-2 (in the form of a digital signature, obviously)
minimally if your intention is to ensure it hasn't been
tampered with
It's hard and expensive to use digital signatures in public
projects and doesn't protect from tampering. In fact, direct
tampering in such setup is cheaper than a collision attack, not
even speaking, that a collision attack doesn't work here, only a
preimage attack.
