Matt Mossholder on 25 Mar 2014 13:23:54 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] check for a file being transmitted via ftp

Unless you are trying to prove something hasn't been -maliciously- altered, MD5 is more than adequate. It is perfectly fine to use MD5 for detecting transmission errors.

That is part of the reason that attack indicators are frequently posted as MD5s... in the extremely unlikely event that there happens to be a collision, the impact is pretty negligible.


On Tue, Mar 25, 2014 at 3:05 PM, JP Vossen <> wrote:

> On 03/25/2014 02:34 PM, Tom McCurdy, Jr. wrote:
>> You could use MD5SUM to help verify the integrity of the file you're downloading.

On 03/25/2014 02:47 PM, Eric at wrote:
This is a novel (and excellent!) idea.  I'll have to look into it.
Since the MD5 sum could conceivably be sent after the main file it
would also act as a trigger file.

Yeah, just stick the hash value in the 'im_done' file.

While I'm guilty of this myself, out of habit, we should really NOT be using MD5 anymore, it has been weak and broken for years.  Using at least SHA256 is much better.  I realize in this case it's not that important, but we all need to get out of the MD5 habit...

JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --