New criterion for Checksum

Andre Robatino robatino at fedoraproject.org
Wed Feb 1 16:33:16 UTC 2012


Frank Murphy <frankly3d <at> gmail.com> writes:

> > A built-in checksum is only useful for checking for natural corruption, not a
> > deliberate fake (since in that case it's easy to change the checksum to the
> > correct one for the fake). Even md5 is more than enough for this purpose.
> >
> 
> So it's not error proof,
> it can fail and still have a perfect disk, correct?

Yes, there can be a bug that causes the mediacheck to fail even though the disc
is good (this actually happened recently during development). Conversely, it can
pass even if the disc is fake. Personally, I always do the external check, for
example Fedora-16-x86_64-DVD.iso is 3757047808 bytes, so after burning I check
it by running

dd if=/dev/dvd bs=2048 count=1834496 conv=notrunc,noerror | sha256sum

(since 3757047808/2048=1834496) and comparing the sha256sum to the checksum
file. This has the slight advantage that it checks the entire image, while the
built-in check leaves out the small part containing the md5 itself. It's also
the kind of check you'd want to do if someone you didn't know or trust handed
you a "Fedora" disc, since in that case the disc can't be trusted to check
itself (if you burn it yourself from an ISO that you verified has the right
sha256sum, that's not an issue).
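
The external check described above, written as a shell function that derives the sector count from the image size and compares the result against the checksum file entry. This is an added example, not part of the original post. The function name `verify_media` and the checksum line format `<digest> *<name>` are assumptions.

```shell
#!/bin/sh
# Added example: verify burned media against a checksum-file entry.
# usage: verify_media DEVICE IMAGE_BYTES CHECKSUM_FILE IMAGE_NAME
#   e.g. verify_media /dev/dvd 3757047808 CHECKSUM_FILE Fedora-16-x86_64-DVD.iso
# returns 0 on match, 1 on mismatch, 2 on bad input
verify_media() {
    dev=$1; bytes=$2; sums=$3; name=$4
    sector=2048   # same block size as bs=2048 in the post

    # The size must be a whole number of sectors, or count= would
    # silently drop the tail of the image.
    case $bytes in
        ''|*[!0-9]*) echo "bad size: $bytes" >&2; return 2 ;;
    esac
    [ $((bytes % sector)) -eq 0 ] || {
        echo "size $bytes is not a multiple of $sector" >&2; return 2; }
    count=$((bytes / sector))

    # Assumed line format: "<hex digest> *<name>" or "<hex digest>  <name>".
    # Other lines (for example signature armor) do not match and are skipped.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f)
          if (f == n) { print tolower($1); exit } }' "$sums")
    [ -n "$expected" ] || {
        echo "no entry for $name in $sums" >&2; return 2; }

    # Hash exactly the image's sectors. Data after them on the disc is
    # ignored; a short read yields a different digest and so a mismatch.
    actual=$(dd if="$dev" bs="$sector" count="$count" 2>/dev/null |
             sha256sum | awk '{ print $1 }')

    if [ "$actual" = "$expected" ]; then
        echo "OK: $name ($count sectors)"
        return 0
    fi
    echo "MISMATCH: expected $expected, got $actual" >&2
    return 1
}
```

The checksum file is taken as trusted input here; the comparison is only as good as the source of that file.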


