On 6/24/2007 8:49 PM, Justin Dolske wrote [in part]: > David E. Ross wrote [also in part]: >> I much more favor providing both the target file and a separate file >> containing the hash, as is done on the Mozilla FTP site. > > And how do you verify the contents of the hash file? Another hash file? :)
Remember, I'm using MD5 merely to check that no errors were introduced during downloading. I'm not checking for a hack. The probability of an error being introduced during the downloading of a small file containing MD5 hashes is much lower than for a large file containing a SeaMonkey installer. The smaller file transfers with far fewer packets than the larger file and thus has fewer opportunities for problems. Thus, I don't really worry about the file containing the MD5 hashes. In the end, if the hash that I download matches a newly generated hash on the installer file, I assume both downloaded okay. Yes, I have downloaded an installer file a second time when the hash failed to verify. No, I did not try to diagnose why. -- David E. Ross <http://www.rossde.com/>. Anyone who thinks government owns a monopoly on inefficient, obstructive bureaucracy has obviously never worked for a large corporation. © 1997 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
