12-06-2018, 03:03 PM
(12-06-2018, 01:03 PM)Shannon Wrote:(12-06-2018, 11:56 AM)JackOfHearts Wrote:Quote:I forgot to mention this earlier, but I was looking into what MD5Sum uses for checksumming, and discovered that:
A) It does not take into account the name or metadata of the file (like tags on an audio file), and
B) it is difficult, but not impossible, to fake an MD5 Sum hash signature
So, from now on, we will be calculating an MD5 Sum Hash value and an SHA512 Sum hash value. The latter is a bit for bit check, and if ANYTHING changes, it will change, and it is cryptographically secure, meaning that there is no known way to fake it. So you will have proof positive that the files are exactly as I made them, and NOTHING has been changed, if that is what you seek.
So at first you didn't really care about checking files integrity for audio as you didn't provide any checksum and your reasoning made sense at the time.
But now MD5 isn't sufficient, there is a need for SHA512??
Seriously??
You are sounding like someone trying trick people that because it is cryptographically secure then it is perfect. I'm not sure you are doing it but it seems to be that from reading that text. I hope it's not.
I don't know why someone like you who could put anything in your subs without anyone knowing would fake an MD5 checksum, please enlighten me
I don't think you're understanding.
In the beginning, I didn't know that checksums would be worthwhile because nobody asked for them. Then someone asked how they could know if they had downloaded the file correctly, so I started making MD5Sum hashes of the files.
Later I discovered that that program doesn't take into account changes to the name and metadata, meaning that someone could scrub those and re-sell my work as their own and it would remain capable of reproducing the same MD5Sum hash.
Now, to make sure that people cannot do that, I provide both.
It's not me who would fake an MD5sum hash. It would be someone who altered the file and then adjusted it so you get the same hash, which would hide the alteration.
SHA512 or 256 will reveal such a thing, because it cannot be faked by a pirate or someone who is trying to alter the files.
I have no reason to even try to fake a signature. Those signatures are your guarantee that the file is exactly as I created it, and unaltered. That's why md5sum is insufficient, given those weaknesses.
Sorry ive been a away a little while and not very tech savvy.
So does this mean from now one we check both MD5sum and the Sha512? is there also a SHA256 we check too?
thank you
OF3 5.75.7G 13/15Vol
1L-2O/3OF; (1L-2/2 5/6); (2L 19/6); (3L 27/6); (4L 9/7); (H4L 25/7)
W 19 May
MLS 5.5G: ≈70days x2, IYGSH: 54, E2: 78+48, DMSI 3.2: 56 & 22, UMOP1: 57+UMOP2: 33 = 90+10 US v12/15=100, OF: 45, OF2: 56days
1L-2O/3OF; (1L-2/2 5/6); (2L 19/6); (3L 27/6); (4L 9/7); (H4L 25/7)
W 19 May
MLS 5.5G: ≈70days x2, IYGSH: 54, E2: 78+48, DMSI 3.2: 56 & 22, UMOP1: 57+UMOP2: 33 = 90+10 US v12/15=100, OF: 45, OF2: 56days
