12-06-2018, 04:52 PM
(12-06-2018, 03:03 PM)Jake2015 Wrote:(12-06-2018, 01:03 PM)Shannon Wrote:(12-06-2018, 11:56 AM)JackOfHearts Wrote:Quote:I forgot to mention this earlier, but I was looking into what MD5Sum uses for checksumming, and discovered that:
A) It does not take into account the name or metadata of the file (like tags on an audio file), and
B) it is difficult, but not impossible, to fake an MD5 Sum hash signature
So, from now on, we will be calculating an MD5 Sum Hash value and an SHA512 Sum hash value. The latter is a bit for bit check, and if ANYTHING changes, it will change, and it is cryptographically secure, meaning that there is no known way to fake it. So you will have proof positive that the files are exactly as I made them, and NOTHING has been changed, if that is what you seek.
So at first you didn't really care about checking files integrity for audio as you didn't provide any checksum and your reasoning made sense at the time.
But now MD5 isn't sufficient, there is a need for SHA512??
Seriously??
You are sounding like someone trying trick people that because it is cryptographically secure then it is perfect. I'm not sure you are doing it but it seems to be that from reading that text. I hope it's not.
I don't know why someone like you who could put anything in your subs without anyone knowing would fake an MD5 checksum, please enlighten me
I don't think you're understanding.
In the beginning, I didn't know that checksums would be worthwhile because nobody asked for them. Then someone asked how they could know if they had downloaded the file correctly, so I started making MD5Sum hashes of the files.
Later I discovered that that program doesn't take into account changes to the name and metadata, meaning that someone could scrub those and re-sell my work as their own and it would remain capable of reproducing the same MD5Sum hash.
Now, to make sure that people cannot do that, I provide both.
It's not me who would fake an MD5sum hash. It would be someone who altered the file and then adjusted it so you get the same hash, which would hide the alteration.
SHA512 or 256 will reveal such a thing, because it cannot be faked by a pirate or someone who is trying to alter the files.
I have no reason to even try to fake a signature. Those signatures are your guarantee that the file is exactly as I created it, and unaltered. That's why md5sum is insufficient, given those weaknesses.
Sorry ive been a away a little while and not very tech savvy.
So does this mean from now one we check both MD5sum and the Sha512? is there also a SHA256 we check too?
thank you
You can check whichever you like. It is unlikely that SHA512 will be necessary if the MD5 hash checks out, but if you sus[ect there is a difference, you will have the SHA512 hash.
I may switch to SHA256 in the future because 512 produces a very long hash signature. If you only want to check one, and be done, and know it's bit for bit exactly what left my computer, check the SHA hash. If you want to make sure the audio is uncorrupted and have a very small chance that someone has taken the opportunity to fake the signature, or has changed the name/tags, then use MD5.
I include both because MD5 will still prove useful if you choose to change the names/tags for whatever reason.
Subliminal Audio Specialist & Administrator
The scientist has a question to find an answer for. The pseudo-scientist has an answer to find a question for. ~ "Failure is the path of least persistence." - Chinese Fortune Cookie ~ Logic left. Emotion right. But thinking, straight ahead. ~ Sperate supra omnia in valorem. (The value of trust is above all else.) ~ Meowsomeness!
The scientist has a question to find an answer for. The pseudo-scientist has an answer to find a question for. ~ "Failure is the path of least persistence." - Chinese Fortune Cookie ~ Logic left. Emotion right. But thinking, straight ahead. ~ Sperate supra omnia in valorem. (The value of trust is above all else.) ~ Meowsomeness!
