From owner-freebsd-questions  Mon Aug  7  5:44:52 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail-in-02.piro.net (mail-out-01.piro.net [194.64.31.11])
	by hub.freebsd.org (Postfix) with ESMTP id EC33D37B5A4
	for <freebsd-questions@freebsd.org>; Mon,  7 Aug 2000 05:44:48 -0700 (PDT)
	(envelope-from marc.vanwoerkom@science-factory.com)
Received: from nil.science-factory.com (ScienceFactory-atm1-153.piro.net [195.135.137.205])
	by mail-in-02.piro.net (8.9.3/8.9.3/PN-991208) with ESMTP id OAA12234;
	Mon, 7 Aug 2000 14:44:42 +0200
Received: by nil.science-factory.com (Postfix, from userid 501)
	id 1637B1EE7; Mon,  7 Aug 2000 14:39:25 +0200 (CEST)
From: Marc van Woerkom <marc.vanwoerkom@science-factory.com>
To: zzhang@cs.binghamton.edu
Cc: freebsd-questions@freebsd.org
In-reply-to: <Pine.SOL.4.21.0008031054470.11190-100000@sol.cs.binghamton.edu>
	(message from Zhihui Zhang on Thu, 3 Aug 2000 10:58:00 -0400 (EDT))
Subject: Re: How to use checksum.md5
References:  <Pine.SOL.4.21.0008031054470.11190-100000@sol.cs.binghamton.edu>
Message-Id: <20000807123925.1637B1EE7@nil.science-factory.com>
Date: Mon,  7 Aug 2000 14:39:25 +0200 (CEST)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> I download the FreeBSD ISO image. I notice there is a checksum.md5 file
> there. Can anyone tell me how to use it (which tools do I need)? 

Like you wrote MD5 is a checksum or hash.
The idea is to compute the checksum of the (well known) algorithm yourself
and compare it to the checksum listed. 
If they differ it is clear that something fishy is going on, either
transmission errors or even tampering. 

That is because hash functions are choosen in a way that this equality
is *very* hard to accomplish:

    hash(x) = hash(x + dx + comp)

(meaning: manipulating input first x+dx and then compensating in a way +comp 
 that one still gets the original hash number)

On a FreeBSD system you have a 'md5' command that computes this checksum.
There might be other programs that provide this calculation (a Perl 
built in?)
Porting md5.c is easy as well, I once made it run with Cygwin under
Win32 (just throw a bit unnecessary stuff away)


> Do I absolutely need to do the check?  Thanks.

You need not - this is something for the cautious/paranoid
who fear that they got some altered version of the file.

I am not sure, if an ISO image per se has some checksum integrated,
so that you would run into some warning at burning time.
Otherwise running a checksum over a 650MB download seems not a bad
idea.

Regards,
Marc




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message