12-07-2018, 06:27 AM
(12-07-2018, 12:09 AM)JackOfHearts Wrote:(12-06-2018, 01:03 PM)Shannon Wrote:Now it's more clear, it's for protecting your work.(12-06-2018, 11:56 AM)JackOfHearts Wrote:Quote:I forgot to mention this earlier, but I was looking into what MD5Sum uses for checksumming, and discovered that:
A) It does not take into account the name or metadata of the file (like tags on an audio file), and
B) it is difficult, but not impossible, to fake an MD5 Sum hash signature
So, from now on, we will be calculating an MD5 Sum Hash value and an SHA512 Sum hash value. The latter is a bit for bit check, and if ANYTHING changes, it will change, and it is cryptographically secure, meaning that there is no known way to fake it. So you will have proof positive that the files are exactly as I made them, and NOTHING has been changed, if that is what you seek.
So at first you didn't really care about checking files integrity for audio as you didn't provide any checksum and your reasoning made sense at the time.
But now MD5 isn't sufficient, there is a need for SHA512??
Seriously??
You are sounding like someone trying trick people that because it is cryptographically secure then it is perfect. I'm not sure you are doing it but it seems to be that from reading that text. I hope it's not.
I don't know why someone like you who could put anything in your subs without anyone knowing would fake an MD5 checksum, please enlighten me
I don't think you're understanding.
In the beginning, I didn't know that checksums would be worthwhile because nobody asked for them. Then someone asked how they could know if they had downloaded the file correctly, so I started making MD5Sum hashes of the files.
Later I discovered that that program doesn't take into account changes to the name and metadata, meaning that someone could scrub those and re-sell my work as their own and it would remain capable of reproducing the same MD5Sum hash.
Now, to make sure that people cannot do that, I provide both.
It's not me who would fake an MD5sum hash. It would be someone who altered the file and then adjusted it so you get the same hash, which would hide the alteration.
SHA512 or 256 will reveal such a thing, because it cannot be faked by a pirate or someone who is trying to alter the files.
I have no reason to even try to fake a signature. Those signatures are your guarantee that the file is exactly as I created it, and unaltered. That's why md5sum is insufficient, given those weaknesses.
I still don't understand how SHA512 would protect it more though. At best it would help the pirates in my opinion as now with your checksum they know if their pirated version is the same as the original. So they don't need to download the original and pay for it as it is now cryptographically secure for them that it is the same version.
But I don't understand how that SHA512 would prevent them from reselling your work. Maybe if they just don't mention the existence of SHA512 checksum to begin with.
It doesn't seem be that useful in my opinion or I don't understand something.
Now it can be proven whether or not the files have been changed. It can also be shown whether the filenames and tags were changed, but not the original audio. And if they have the original names and tags but they don't match either checksum, it can be seen that they are corrupt.
It's not just for protecting my work, it's also for protecting my customers.
SHA won't prevent those thieves who are reselling my work from doing so, but it will give me an avenue to prove what is going on.
Ultimately, it's about protecting my customers by making sure that they have what I released, and not something else that is labeled as such.
Subliminal Audio Specialist & Administrator
The scientist has a question to find an answer for. The pseudo-scientist has an answer to find a question for. ~ "Failure is the path of least persistence." - Chinese Fortune Cookie ~ Logic left. Emotion right. But thinking, straight ahead. ~ Sperate supra omnia in valorem. (The value of trust is above all else.) ~ Meowsomeness!
The scientist has a question to find an answer for. The pseudo-scientist has an answer to find a question for. ~ "Failure is the path of least persistence." - Chinese Fortune Cookie ~ Logic left. Emotion right. But thinking, straight ahead. ~ Sperate supra omnia in valorem. (The value of trust is above all else.) ~ Meowsomeness!