MD5SUM
Dougie Richardson
ddrichardson at btinternet.com
Wed Apr 30 17:50:38 UTC 2008
Hi All,
An interesting question has popped up in Bug #146895[1] - suggesting
that we should include MD5SUM not just for the ISO image but also from
the block device once it is burned.
The issue raised is quite specific, obviously the CDs integrity can be
tested from the install menu but should someone have added malicious
code then generated a corresponding MD5SUM and put it on the disc then
it will pass.
Currently, as I understand it from reading the RFC [2], the check sum is
generated using file sizes in rounded up chunks. Herein lies the problem
as different burners/media/software produce slightly different sizes in
finalising the disc.
You could use dd to extract the ISO and compare it to the sum but this
is not particularly intuitive for people on Windows boxes.
I know this is a highly specific bug in a highly specific scenario but I
thought I'd discuss it here before consulting anyone else.
Cheers,
[1]https://bugs.launchpad.net/ubuntu-doc/+bug/146895
[2]http://www.faqs.org/rfcs/rfc1321.html
--
Dougie Richardson (http://lynxworks.eu)
"Well, then, " the Cat went on, "you see a dog growls when it's angry,
and wags its tail when it's pleased. Now I growl when I'm pleased, and
wag my tail when I'm angry. Therefore I'm mad."
More information about the ubuntu-doc
mailing list