Unidata - To provide the data services, tools, and cyberinfrastructure leadership that advance Earth system science, enhance educational opportunities, and broaden participation. Unidata
         
  advanced  
 

Re: md5 checksum or gpg signature

I wrote:

> I think there are some good reasons to keep hashes such as MD5 or
> SHA-1 external to files they are intended to check, rather than
> embedded in the files:
> 
>  - If the digest is external, then something that corrupts the file
>    might also corrupt the digest.

which makes no sense.  What I meant to say was

  - If the hash is embedded in the file and doesn't agree with the
    file contents, it's not clear whether the file or the hash or both
    were corrupted.

This is fairly minor, since a mismatch would tell you not to trust the
data in any case.  But I still think keeping the hash separate from
the original file makes it easier to compute.

--Russ
 
 
  Contact Us     Site Map     Search     Terms and Conditions     Privacy Policy     Participation Policy
 
National Science Foundation (NSF) UCAR Community Programs   Unidata is a member of the UCAR Community Programs, is managed by the University Corporation for Atmospheric Research, and is sponsored by the National Science Foundation.
P.O. Box 3000     Boulder, CO 80307-3000 USA     Tel: 303-497-8643     Fax: 303-497-8690