You know, modern hard drives actually checksum written data so you never 
get corrupted data back. You might get NO data back (that is, an I/O 
error) but that would make any operation on the file fail, including 
burning the file to a CD. I've read this in a "howto" for Linux'es 
software raid driver. That's where they also say the BUS that data 
travels to the HDD is NOT checksummed and that has a grater probability 
of introducing an error!

Also there are two kinds of checksums applied to those large downloads. 
There's the MD5 checksum that can be reproduced by the man in the middle 
so it's useless for security (after all, if the man in the middle is 
willing to waist bandwidth to "fake" the main download, what does it 
take to also "fake" the checksum?). And then there are the "ASC" 
checksums, I think those are used for security as well.

Jack wrote:
> It is actually for data integrity as well (more than security, in my
> opinion.) When it comes to large file download, there might be corrupted
> bytes. Then this is more likely caused by HD errors then network errors.
>>> Conclusion: I think data corruption might be a problem in some cases.
>>> Notice how all Linux distributions include MD5 hashes for all downloads,
>>> so they can be checked on the receiving end?
>> This is not to detect data corrumption because of data transmission but to
>> detect "man in the middle" attack. MD5 checksum allow the user to check if
>> the data file he downloaded is the same as the data file the developper
>> dropped on the server and was not replaced either on the server or by
>> someone intercepting the communication.
>> In think in the context you mention, MD5 is used for security, no for data
>> integrity.

To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to