On Mon, 27 Jun 2011 01:44:45 +0200 Carl-Daniel Hailfinger <[email protected]> wrote:
> Am 26.06.2011 03:47 schrieb Stefan Tauner: > > On Sun, 26 Jun 2011 03:02:44 +0200 > > Stefan Tauner <[email protected]> wrote: > > > > > >> The MD5 hashes of the files and flash contents are computed and printed > >> whenever a file > >> or a whole flash device is read. This can be disabled by setting > >> CONFIG_MD5 to no in the > >> makefile. > >> It uses a simple self-contained MD5 "library" with a permissive license in > >> md5.[hc]. > >> > > I am not sure if the MD5 code is allowed to be linked against GPLv2 > flashrom since neither flashrom nor the MD5 code have any license > exception for linking. imho it is ok... it is similar to MIT, but don't quote me on that. > >> Its author is added to the (new) acknowledgments section in the manpage. > >> > > because there seem to be a bit of misunderstanding on the purpose of > > printing md5 hashes: this should not help you when you are using > > flashrom correctly (md5sum et al. are fine) but the poor souls (and the > > ones helping fixing them stuff i.e. you) when they have misused > > flashrom in one or another way. this allows us to verify for every log > > we receive which file has been used (together with the upcoming log > > file patch) without costing much when dealing with untrustworthy third > > parties (== euphemism :). > > > > size of flashrom with md5 (and libftdi linked): > > text data bss dec hex filename > > 309905 1412 9960 321277 4e6fd flashrom > > > > without the patch at all: > > text data bss dec hex filename > > 306613 1412 9960 317985 4da21 flashrom > > > > i.e. ~1% of text size. > > > > the patch does integrate well and obviously i am pro using it, but i am > > not insisting on this at all if the majority objects it. i just thought > > it is a good idea and gave it a try :) > > > > If we don't care about cryptographic strength, why not pick a simpler > hash, e.g. FNV? Heck, a standard CRC would probably work as well, _but_ > if CRC is used by the BIOS to verify parts of the flash image, there > might be interactions (e.g. collisions) which impact our hashing- there should be an easy way to compare the checksum with existing files. md5sum is installed almost everywhere. > That said, I have trouble seeing the benefit of such hashes. point taken. should i mark it as rejected on pw? -- Kind regards/Mit freundlichen Grüßen, Stefan Tauner _______________________________________________ flashrom mailing list [email protected] http://www.flashrom.org/mailman/listinfo/flashrom
