Re: MD5 checksums for images
On Mon, January 12, 2009 9:13 pm, Rui Miguel Silva Seabra wrote: On Mon, Jan 12, 2009 at 06:46:35PM +0100, Fernando Martins wrote: I've downloaded images for om2008.12, FSO and SHR and something that puzzles me is the lack of MD5 checksums on these repositories. The sums would just take a couple of minutes to put there, so I'm wondering if there is some other check going on by dfu before flashing?? Whoever cares about MD5 checksums, nowadays, is putting up a farse, at least demand SHA256 ;) The point of MD5 checksums is to check for download errors, truncated files or the repository maintainer uploading the wrong file somehow. It is not to protect us from black hats who might somehow replace a correct image with a malware infected one. (If they are able to do that, they can replace the md5sums file a the same time). Anyway, MD5 sum checking is done automaticaly in many tools, and most people are familiar with the commands to check MD5 sums, so if the images come with MD5 sums they will be checked easily. If they come with another sort of checksum, it will be harder to check, for no real benefit. -- David Pottage Error compiling committee.c To many arguments to function. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: MD5 checksums for images
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Pottage schrieb: On Mon, January 12, 2009 9:13 pm, Rui Miguel Silva Seabra wrote: On Mon, Jan 12, 2009 at 06:46:35PM +0100, Fernando Martins wrote: I've downloaded images for om2008.12, FSO and SHR and something that puzzles me is the lack of MD5 checksums on these repositories. The sums would just take a couple of minutes to put there, so I'm wondering if there is some other check going on by dfu before flashing?? Whoever cares about MD5 checksums, nowadays, is putting up a farse, at least demand SHA256 ;) The point of MD5 checksums is to check for download errors, truncated files or the repository maintainer uploading the wrong file somehow. It is not to protect us from black hats who might somehow replace a correct image with a malware infected one. (If they are able to do that, they can replace the md5sums file a the same time). Anyway, MD5 sum checking is done automaticaly in many tools, and most people are familiar with the commands to check MD5 sums, so if the images come with MD5 sums they will be checked easily. If they come with another sort of checksum, it will be harder to check, for no real benefit. i think, md5 is enough, but sha256 is better (it's a smaller possibility that there is a hash double, but when would this happend? :p) there is enough space and the prozessors are fast, so why didn't use sha256? - -- Vinzenz Hersche Lehrling 2. Lehrjahr Puzzle ITC GmbH www.puzzle.ch Telefon +41 31 370 22 00 Direkt +41 31 370 22 04 Mobile +41 78 845 24 12 Fax +41 31 370 22 01 Puzzle ist Mitglied der Eclipse Foundation: http://www.puzzle.ch/eclipse/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklsWpoACgkQK9d7OHUJmA5hQACfRUHgz2LUuIO5+G5EJyrU4ZB/ jvMAni6nY/YbfGpa4Wqvm6mytWuNf7wf =YSRv -END PGP SIGNATURE- begin:vcard fn:Vinzenz Hersche n:Hersche;Vinzenz email;internet:hers...@puzzle.ch tel;home:033 336 20 56 tel;cell:077 447 73 74 x-mozilla-html:TRUE version:2.1 end:vcard ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
MD5 checksums for images
I've downloaded images for om2008.12, FSO and SHR and something that puzzles me is the lack of MD5 checksums on these repositories. The sums would just take a couple of minutes to put there, so I'm wondering if there is some other check going on by dfu before flashing?? Regards, Fernando ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: MD5 checksums for images
On Mon, Jan 12, 2009 at 06:46:35PM +0100, Fernando Martins wrote: I've downloaded images for om2008.12, FSO and SHR and something that puzzles me is the lack of MD5 checksums on these repositories. The sums would just take a couple of minutes to put there, so I'm wondering if there is some other check going on by dfu before flashing?? Whoever cares about MD5 checksums, nowadays, is putting up a farse, at least demand SHA256 ;) Rui -- Keep the Lasagna flying! Today is Boomtime, the 12th day of Chaos in the YOLD 3175 + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Gandhi + So let's do it...? ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community