>Hi,
>
>Am I right in thinking that you could use the md5sum checksum output
>generated by running md5sum on any file to verify the contents of that
>file, at least in some minimal way? If someone sent me a file, and I
>wanted to check to see if it had been corrupted en route, could both I
>and the sender run md5sum on that file and confirm some level of
>accuracy based on the md5sum output?
>
>Thanks,

Yes. In fact, that's the whole point of md5sum: to verify the integrity of a file. Of course, keep in mind that the method by which you get the checksum is important. If you, say, ftp a file, and then ftp the file's checksum, the checksum might have been corrupted in transit.

However, if all you are concerned about is corruption during transit, then an md5sum is perfect for you. The chances of a random corruption occurring within a file, and then another random corruption occurring within a checksum file, which just happens to end up resulting in the corrupted checksum matching the corrupted file, are so small it's not even worth considering. In other words, if you're only worried about corruption, and you get a valid checksum, then you are guaranteed that the file is not corrupt.

However, if you are worried about a possible man-in-the-middle attack, then you need to get the md5sum checksum via a different, more secure route than the route by which you get the file. For example, if you fetch the file by ftp, you should have your friend actually read you the md5sum over the phone instead of fetching it via ftp.

Hope that helps.

--
Mark K. Pettit [EMAIL PROTECTED]
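
The check described in the reply above, as an added example that is not part of the original message: a shell function that compares a received file against an MD5 digest obtained over a separate channel, such as one dictated by phone. The names `normalize_digest` and `verify_md5` and the sample files are constructed for illustration, and GNU `md5sum` is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes GNU md5sum.

# Lower-case a dictated digest and drop the separators people add when
# reading hex aloud in groups ("D41D 8CD9 ...").
normalize_digest() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ' :\t-'
}

# verify_md5 FILE EXPECTED_DIGEST
# Returns 0 if FILE hashes to the digest, 1 if it does not,
# 2 if the file is unreadable or the digest is not 32 hex characters.
verify_md5() {
    file=$1
    expected=$(normalize_digest "$2")
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*) echo "digest contains non-hex characters" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "digest is not 32 hex characters" >&2; return 2; }
    actual=$(md5sum < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches"
        return 0
    fi
    echo "MISMATCH: $file is $actual, expected $expected" >&2
    return 1
}

# Constructed demo: the sender's file and a copy altered in transit.
tmp=$(mktemp -d)
printf 'quarterly report v1\n' > "$tmp/sent.dat"
printf 'quarterly report v2\n' > "$tmp/received.dat"
# Digest as the sender would read it out, upper-cased here to mimic dictation.
phone_digest=$(md5sum < "$tmp/sent.dat" | cut -d' ' -f1 | tr 'a-f' 'A-F')
verify_md5 "$tmp/sent.dat" "$phone_digest" || echo "unexpected failure"
verify_md5 "$tmp/received.dat" "$phone_digest" || echo "re-fetch the file"
rm -rf "$tmp"
```

The return code 2 keeps a mis-heard or truncated digest distinct from a genuine mismatch, so a dictation error is not mistaken for a damaged file.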
