On 2/23/2016 3:08 AM, Nicolas George wrote:
Le quintidi 5 ventôse, an CCXXIV, Thomas Schmitt a écrit :
The ISO checksums are provided more for transport verification than
for the fight against intentional mainpulation.
If that were true, CRC32 would be enough.
Is that a 'Law of averages' thing?
I'll leave the security stuff to others.
If you take security out of the equation, simple true or false.
1. A corrupted download is better able to be detected when using MD5
than it is with CRC32.
2. A corrupted download is better able to be detected when using SHA
than it is with MD5.
I don't typically have an issue with corrupt downloads, but still there
are those days where
something is a bit flaky somewhere in the chain and downloads show
intermittent periods
of inactivity, sometimes failing and having to be resumed or restarted,
sometimes multiple
times to get a completed download.
Murphy's law 'Anything that can happen will happen', it's possible for a
download with
random corruption to pass verification, it will happen eventually. The
higher the risk
of corruption, the higher the odds are, however small those odds might
be, that you get a
corrupted download that passes verification.
If I have extra reason to suspect corruption might occur I definitely
want to use the most
capable option for detecting that. Just because that is not generally
that case doesn't mean
I generally want to settle for a less capable option.
Later, Seeker
