12-07-2018, 12:09 AM
(12-06-2018, 01:03 PM) Shannon Wrote:
Now it's more clear, it's for protecting your work.
(12-06-2018, 11:56 AM) JackOfHearts Wrote:
Quote:
I forgot to mention this earlier, but I was looking into what MD5Sum uses for checksumming, and discovered that:
A) It does not take into account the name or metadata of the file (like tags on an audio file), and
B) it is difficult, but not impossible, to fake an MD5 Sum hash signature
So, from now on, we will be calculating an MD5 Sum Hash value and an SHA512 Sum hash value. The latter is a bit for bit check, and if ANYTHING changes, it will change, and it is cryptographically secure, meaning that there is no known way to fake it. So you will have proof positive that the files are exactly as I made them, and NOTHING has been changed, if that is what you seek.
So at first you didn't really care about checking file integrity for audio as you didn't provide any checksum and your reasoning made sense at the time.
But now MD5 isn't sufficient, there is a need for SHA512??
Seriously??
You are sounding like someone trying to trick people that because it is cryptographically secure then it is perfect. I'm not sure you are doing it but it seems to be that from reading that text. I hope it's not.
I don't know why someone like you who could put anything in your subs without anyone knowing would fake an MD5 checksum, please enlighten me.
I don't think you're understanding.
In the beginning, I didn't know that checksums would be worthwhile because nobody asked for them. Then someone asked how they could know if they had downloaded the file correctly, so I started making MD5Sum hashes of the files.
Later I discovered that that program doesn't take into account changes to the name and metadata, meaning that someone could scrub those and re-sell my work as their own and it would remain capable of reproducing the same MD5Sum hash.
Now, to make sure that people cannot do that, I provide both.
It's not me who would fake an MD5sum hash. It would be someone who altered the file and then adjusted it so you get the same hash, which would hide the alteration.
SHA512 or 256 will reveal such a thing, because it cannot be faked by a pirate or someone who is trying to alter the files.
I have no reason to even try to fake a signature. Those signatures are your guarantee that the file is exactly as I created it, and unaltered. That's why md5sum is insufficient, given those weaknesses.
I still don't understand how SHA512 would protect it more though. At best it would help the pirates in my opinion as now with your checksum they know if their pirated version is the same as the original. So they don't need to download the original and pay for it as it is now cryptographically secure for them that it is the same version.
But I don't understand how that SHA512 would prevent them from reselling your work. Maybe if they just don't mention the existence of SHA512 checksum to begin with.
It doesn't seem to be that useful in my opinion or I don't understand something.
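
Added example, not written by any poster in this thread: a Python sketch that computes the MD5 and SHA-512 digests discussed above and checks a file against published values. It shows what the digests are computed over: the file's bytes, embedded tag bytes included, and not the file name. The sample file, its ID3v1-style tag bytes and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def file_digests(path, chunk_size=1 << 16):
    """Stream the file once and return hex MD5 and SHA-512 of its bytes."""
    md5, sha512 = hashlib.md5(), hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha512.update(chunk)
    return {"md5": md5.hexdigest(), "sha512": sha512.hexdigest()}


def verify(path, published):
    """Return, per algorithm, whether the file matches the published digest."""
    actual = file_digests(path)
    return {alg: hmac.compare_digest(actual[alg], value.strip().lower())
            for alg, value in published.items()}


def demo():
    # Constructed sample: dummy audio payload plus a 128-byte ID3v1-style tag.
    audio = b"\x00\x01" * 4096
    tag = b"TAG" + b"Original Title".ljust(125, b"\x00")
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "original.mp3")
        with open(original, "wb") as fh:
            fh.write(audio + tag)
        published = file_digests(original)  # what a publisher would post

        # Renaming changes no file bytes, so both digests still match.
        renamed = os.path.join(d, "renamed.mp3")
        os.rename(original, renamed)
        after_rename = verify(renamed, published)

        # Rewriting the embedded tag changes file bytes, so both digests differ.
        retagged = os.path.join(d, "retagged.mp3")
        new_tag = b"TAG" + b"Someone Else".ljust(125, b"\x00")
        with open(retagged, "wb") as fh:
            fh.write(audio + new_tag)
        after_retag = verify(retagged, published)
    return after_rename, after_retag


if __name__ == "__main__":
    print(demo())
```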