MD5 checksums for images

Vinzenz Hersche hersche at
Tue Jan 13 10:10:58 CET 2009

Hash: SHA1

David Pottage schrieb:
> On Mon, January 12, 2009 9:13 pm, Rui Miguel Silva Seabra wrote:
>> On Mon, Jan 12, 2009 at 06:46:35PM +0100, Fernando Martins wrote:
>>> I've downloaded images for om2008.12, FSO and SHR and something
>>> that puzzles me is the lack of MD5 checksums on these
>>> repositories. The sums would just take a couple of minutes to
>>> put there, so I'm wondering if there is some other check going
>>> on by dfu before flashing??
>> Whoever cares about MD5 checksums, nowadays, is putting up a
>> farse, at least demand SHA256 ;)
> The point of MD5 checksums is to check for download errors,
> truncated files or the repository maintainer uploading the wrong
> file somehow.
> It is not to protect us from black hats who might somehow replace a
>  correct image with a malware infected one. (If they are able to do
> that, they can replace the md5sums file a the same time).
> Anyway, MD5 sum checking is done automaticaly in many tools, and
> most people are familiar with the commands to check MD5 sums, so if
> the images come with MD5 sums they will be checked easily. If they
> come with another sort of checksum, it will be harder to check, for
> no real benefit.
i think, md5 is enough, but sha256 is better (it's a smaller
possibility that there is a hash double, but when would this happend? :p)
there is enough space and the prozessors are fast, so why didn't use

- --
Vinzenz Hersche
Lehrling 2. Lehrjahr

Puzzle ITC GmbH

Telefon +41 31 370 22 00
Direkt  +41 31 370 22 04
Mobile  +41 78 845 24 12
Fax     +41 31 370 22 01

Puzzle ist Mitglied der Eclipse Foundation:
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


-------------- next part --------------
A non-text attachment was scrubbed...
Name: hersche.vcf
Type: text/x-vcard
Size: 171 bytes
Desc: not available
Url : 

More information about the community mailing list