Comment 1 for bug 146895
Revision history for this message
| Dougie Richardson (dougierichardson) wrote | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
With regard to possible solutions, it is my understanding from RFC1321 that MD5SUM are generated in respect of the number of bits. I'm not 100% sure about whether every CD burned by every manufacturers drives would generate the same MD5SUM, certainly different burning software writes different numbers of bits in closing the disc.
This is a perennial problem, noted throughout the community and as you state the common solution is to extract to ISO and then compare that MD5SUM against the immutable pages.
I agree there is the potential for misuse of the MD5 on the CD but the question is really where do we draw the line - MD5 can be cracked with rainbow tables if it isn't salted.
I think this warrants further discussion.