On Tue, 2 Mar 2010 23:31:08 -0800
Don Quixote de la Mancha <quixote(a)dulcineatech.com> wrote:
> The Chicken and Egg Problem for checksums was solved for the IP header
> checksum, and the TCP payload checksum back during the 1970s.
> When calculating the checksum, set the checksum field itself to zero.
> When verifying the checksum, skip over the value that is actually
> present. Perform the calculation as if it was actually set to zero.

The IP checksum isn't very strong. It's arguably fine for general purpose
data in small blocks but not for a DVD image.

> CD and DVD images could do the same thing.
> It would be enough to append a single 32-bit CRC just to ensure that
> your download wasn't corrupted, or that you had a good burn, but if
> you wanted to make sure that the Russian Mafia hadn't patched your
> kernel, you could add one entire 2048-byte sector to your image, and
> fill it all up with one big cryptographic hash.

That only works if you know an existing shared secret.
Alan
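
Added example, not part of the original messages: the zero-the-field scheme discussed above, applied first to an IPv4 header checksum (which survives a reordering of 16-bit words) and then to an image with an embedded digest sector, unkeyed versus keyed. The header bytes, the image layout, KEY and all function names are constructed for illustration; HMAC-SHA256 is one assumed way of using a shared secret.

```python
import hashlib, hmac, struct

def inet_checksum(data: bytes) -> bytes:
    """RFC 1071: one's-complement sum of big-endian 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return struct.pack("!H", ~total & 0xFFFF)

def sha256_plain(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def hmac_with(key: bytes):
    return lambda data: hmac.new(key, data, hashlib.sha256).digest()

def seal(buf: bytes, off: int, size: int, digest) -> bytes:
    """Compute the digest with the field zeroed, then store it in the field."""
    blank = buf[:off] + bytes(size) + buf[off + size:]
    return blank[:off] + digest(blank) + blank[off + size:]

def verify(buf: bytes, off: int, size: int, digest) -> bool:
    """Recompute as if the field were zero and compare with the stored value."""
    blank = buf[:off] + bytes(size) + buf[off + size:]
    return hmac.compare_digest(buf[off:off + size], digest(blank))

# Constructed IPv4 header (20 bytes); the checksum field sits at offset 10.
HDR = bytes.fromhex("450000730000400040110000c0a80001c0a800c7")
sealed_hdr = seal(HDR, 10, 2, inet_checksum)
# Swapping source and destination addresses only reorders 16-bit words,
# so the one's-complement sum does not change.
swapped_hdr = sealed_hdr[:12] + sealed_hdr[16:20] + sealed_hdr[12:16]

# Constructed "image": two data sectors plus one 2048-byte sector whose
# first 32 bytes hold the digest.
SECTOR, OFF = 2048, 2 * 2048
IMAGE = b"A" * OFF + bytes(SECTOR)
KEY = b"constructed-demo-key"  # assumption: known only to publisher and verifier

def tamper_and_reseal(image: bytes) -> bytes:
    """Someone without KEY changes the data and recomputes the unkeyed hash."""
    changed = b"B" + image[1:]
    return seal(changed, OFF, 32, sha256_plain)
```

With the unkeyed hash the modified image still verifies, because whoever changes the data can recompute the embedded value; with the keyed digest it does not.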