Verifying file integrity with "MD5 signatures" (was: Linux Mint (Cinnamon 17.3 ONLY) hacked on Saturday)
Tom Buskey
tom at buskey.name
Fri Feb 26 11:05:39 EST 2016
On Wed, Feb 24, 2016 at 5:52 PM, Joshua Judson Rosen <rozzin at hackerposse.com
> wrote:
> On 02/21/2016 06:49 PM, Ted Roche wrote:
> > According to
> >
> >
> http://fossforce.com/2016/02/linux-mint-hacked-iso-for-17-3-cinnamon-edition-modified/
> >
> > Original web site posting here:
> >
> > http://blog.linuxmint.com/?p=2994
> >
> > Be careful out there.
>
> And he says "check its MD5 signature"....
Check 'em all :-)
>
> If you're ever in a position to use hashes/checksums in your own project,
> check out the "Lifetimes of popular cryptographic hashes" chart first:
>
> http://valerieaurora.org/hash.html
>
> And then check back regularly :)
And hashes are not just for security. Ms Aurora worked on both ZFS and
btrfs. Those filesystems use the hashes for ECC. If the hash for a block
is wrong, they get the dupe block (in RAID-1, etc) with a good hash and fix
it. Object FS like S3, swift, ceph use hashes also.
Collisions are particularly bad for ECC.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/pipermail/gnhlug-discuss/attachments/20160226/681d3d62/attachment.html
More information about the gnhlug-discuss
mailing list