Date: Wed, 14 Mar 2001 21:17:16 +0100
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
To: Adrian Chadd <adrian@freebsd.org>
Cc: freebsd-arch@freebsd.org
Subject: Re: [PATCH] add a SITE MD5 command to ftpd
Message-ID: <36424.984601036@critter>
In-Reply-To: Your message of "Wed, 14 Mar 2001 21:07:58 +0100." <20010314210758.A2405@roaming.cacheboy.net>

>So, you can't trust that the returned filename, size, mtime or md5
>are "real".

Heck, you can't even trust that you are talking to the server you
think you are talking to.

The point here is not to solve all problems in the world, the point
here is to improve a common case enough to make life simpler for
the majority of us.

You will notice that my proposal was

    SITE MD5 filename [offset [length]]

If you are paranoid you issue two MD5 commands:

    SITE MD5 somesoftware.tgz

gets you the entire file's MD5, which is easy to fake.

Next you select a random piece of the file and ask for the MD5 of
that bit:

    SITE MD5 somesoftware.tgz 383273 283744

Now, unless the other end has the actual file, or a very large
database of potential MD5s for that file, they will not be able
to answer your question correctly...

How's that...

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
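
The two-step check described in the message above, as an added Python example that is not part of the original e-mail or of any ftpd code. It assumes the checker already holds a copy of the file to compare against; the two "server" functions are hypothetical stand-ins for whatever would answer `SITE MD5 filename [offset [length]]`.

```python
import hashlib
import secrets

def range_md5(data, offset=0, length=None):
    """Digest of data[offset:offset+length]; to end of file if length is omitted."""
    end = len(data) if length is None else offset + length
    if not 0 <= offset <= end <= len(data):
        raise ValueError("range outside file")
    # MD5 as in the proposal; the range check itself works with any digest.
    return hashlib.md5(data[offset:end]).hexdigest()

def honest_server(stored):
    """Stand-in for a server that holds the file and hashes whatever is asked."""
    return lambda offset=0, length=None: range_md5(stored, offset, length)

def digest_only_server(known_md5):
    """Stand-in for a server that knows only the whole-file digest."""
    return lambda offset=0, length=None: known_md5

def spot_check(local, ask, rounds=3):
    """Compare the whole-file digest, then `rounds` random sub-ranges."""
    if ask() != range_md5(local):
        return False
    rng = secrets.SystemRandom()  # unpredictable ranges cannot be precomputed
    for _ in range(rounds if local else 0):  # an empty file has no sub-ranges
        offset = rng.randrange(len(local))
        length = rng.randint(1, len(local) - offset)
        if ask(offset, length) != range_md5(local, offset, length):
            return False
    return True

# Constructed sample data standing in for somesoftware.tgz.
LOCAL = bytes(range(256)) * 16
TAMPERED = LOCAL[:100] + b"\x00" + LOCAL[101:]  # one byte differs from LOCAL

if __name__ == "__main__":
    print("honest     :", spot_check(LOCAL, honest_server(LOCAL)))
    print("digest only:", spot_check(LOCAL, digest_only_server(range_md5(LOCAL))))
    print("tampered   :", spot_check(LOCAL, honest_server(TAMPERED)))
```

The digest-only responder passes the first comparison and fails on the random range, which is the case the second command is meant to catch.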
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36424.984601036>