problem with FC2-i386-DVD.iso
Jeff Vian
jvian10 at charter.net
Wed May 26 13:04:58 UTC 2004
Xinming He wrote:
>I think I actually got the right file. The size of the original file should
>be 4,370,640,896. Previously I used Internet Explorer to see the file size
>in the file property. Clearly it gives a wrong number. But still we
>implicitely assume all mirrors sites are trustable and are properly
>protected. It is much better to use digital signature instead of md5sum to
>protect the integrity of the file.
>
>
?? How do you justify the blanket statement "It is much better to use
digital signature instead of md5sum to protect the integrity of the
file." ??
For any file, an md5sum cannot be forged. If a single bit is changed in
the file, the calculated md5sum changes by a LOT. A digital signature
can be forged but an actual md5sum cannot be changed unless the file is
changed and then published sums from all sources are modified to show
the changed value instead of the original value.
Using IE and expecting to see the number of bytes in the file is kind of
dumb. Winblows is not in any way accurate in displaying file size,
especially since it usually displays the size in terms of Kb or Mb
rather than in terms of Bytes. It also displays it in terms of space
used on the drive, rather than actual file size.
If the md5sum is correct I would suspect the difference in displayed
file size is a result of differences in platform it is displayed on
(source vs yours) rather than an error in the file.
>----- Original Message -----
>From: "Xinming He" <xhe at usc.edu>
>To: <fedora-list at redhat.com>
>Sent: Tuesday, May 25, 2004 7:16 PM
>Subject: problem with FC2-i386-DVD.iso
>
>
>
>
>>I downloaded FC2-i386-DVD.iso from a mirror site
>>ftp://limestone.uoregon.edu/fedora/ using Internet Explorer. It is strange
>>to see that the size of the file I got is 4,370,640,896, while the size of
>>the original file is 4,294,967,295. I got the same md5sum as specified in
>>the redhat web site. It is quite strange. Not sure if I have got the right
>>file. It would be better if the file is protected with some digital
>>signature instead of the simple md5sum.
>>
>>
>>
>>
>>
>>
>
>
>
>
More information about the fedora-list
mailing list