Google Summer of Code: Mozilla Projects [LWN.net]

Google Summer of Code: Mozilla Projects

Posted Aug 23, 2007 15:12 UTC (Thu) by xav (subscriber, #18536)
In reply to: Google Summer of Code: Mozilla Projects by jengelh
Parent article: Google Summer of Code: Mozilla Projects

I doubt sending the md5 alongside the file will make it really secure in
case of trojaned file. A non-stupid cracker would modify the md5 as well a
the file (or, this would be done automatically if computed on-the-fly by
apache).
The advantage of md5 embedded in the webpage is that modifying the ISO and
modifying the HTML accordingly is hard.

(Log in to post comments)

Google Summer of Code: Mozilla Projects

Posted Sep 28, 2007 13:40 UTC (Fri) by swiftone (guest, #17420) [Link]

I doubt sending the md5 alongside the file will make it really secure in case of trojaned file.

Correct. This would be of value when the source of the link is not the same as the source of the file.

LWN, for example, could post links to packages on ibiblio. On download, the files from one source (ibiblio) would be checked to match the hash from another (LWN).

At that point the system is as trusted as the source of the link, which can have errors, but may be more secure than the current system (where the hash is rarely verified).