With regard to possible solutions, it is my understanding from RFC 1321 that MD5SUMs are generated in respect of the number of bits. I'm not 100% sure whether every CD burned by every manufacturer's drives would generate the same MD5SUM; certainly different burning software writes different numbers of bits in closing the disc.
This is a perennial problem, noted throughout the community, and as you state, the common solution is to extract to ISO and then compare that MD5SUM against the immutable pages.
I agree there is the potential for misuse of the MD5 on the CD, but the question is really where do we draw the line - MD5 can be cracked with rainbow tables if it isn't salted.
I think this warrants further discussion.
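
The extract-and-compare approach mentioned in the post above, as an added example that is not part of the original post: it hashes only the filesystem length recorded on the disc, so sectors appended when the disc is closed do not change the result. It assumes the published checksum covers exactly the volume length in the ISO 9660 primary volume descriptor; the function names are hypothetical and the sample image is constructed.

```python
import hashlib
import io
import struct

SECTOR = 2048
PVD_OFFSET = 16 * SECTOR  # ISO 9660 volume descriptors start at sector 16


def iso_volume_bytes(stream):
    """Return the filesystem length in bytes recorded in the primary volume descriptor."""
    stream.seek(PVD_OFFSET)
    pvd = stream.read(SECTOR)
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    blocks = struct.unpack_from("<I", pvd, 80)[0]       # volume space size (little-endian copy)
    block_size = struct.unpack_from("<H", pvd, 128)[0]  # logical block size
    return blocks * block_size


def md5_of_volume(stream, chunk=1 << 20):
    """MD5 over exactly the recorded volume length, ignoring anything the burner appended."""
    remaining = iso_volume_bytes(stream)
    stream.seek(0)
    digest = hashlib.md5()
    while remaining:
        data = stream.read(min(chunk, remaining))
        if not data:
            raise IOError("device ended before the recorded volume length")
        digest.update(data)
        remaining -= len(data)
    return digest.hexdigest()


def build_sample_image(blocks=20):
    """Constructed sample: a minimal image holding only the PVD fields used above."""
    img = bytearray(blocks * SECTOR)
    img[PVD_OFFSET] = 1
    img[PVD_OFFSET + 1:PVD_OFFSET + 6] = b"CD001"
    struct.pack_into("<I", img, PVD_OFFSET + 80, blocks)
    struct.pack_into("<H", img, PVD_OFFSET + 128, SECTOR)
    img[PVD_OFFSET + SECTOR:] = bytes(range(256)) * ((blocks - 17) * SECTOR // 256)
    return bytes(img)


if __name__ == "__main__":
    iso = build_sample_image()
    disc = iso + bytes(150 * SECTOR)  # constructed: run-out sectors added when closing the disc
    print(hashlib.md5(iso).hexdigest(), hashlib.md5(disc).hexdigest(), md5_of_volume(io.BytesIO(disc)))
```

On a real system the stream would be the optical device opened in binary mode instead of the in-memory sample.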