incubator-depot-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Markus M. May" <m...@gmx.net>
Subject Re: MD5 Hash
Date Wed, 11 Feb 2004 15:35:12 GMT
Hello,

yes, I can enlighten you all a littel bit about MD5 hashs. The basic is that
a hash is a unique key for a value (in this case a file). From this key you
cannot guess or even generate the original value (file). It is generated with
the MD5 algorithm using javas security stuff. So basically if a file is
updated on the apache.org servers the MD5 hash is generated. When the file is
updated the hash of the updated file is normally (and this would be a very very
small chance) not the same. So, basically for each file a new hash is
generated. You can then create another hash from the same file. If you are using the
same algorithm (MD5/SHA) you get then the same hash (means: from the same
file you always get the same hash-code when using the same algorithm). On the
apache.org servers there is always an .MD5 file for each deployed file. In
this file the original filename and the hashcode is written. This basically
means, you can generate with the same algorithm the hashcode and then you can
check if the hash in the .md5-file is the same as the generated one. If it is
not, it is a good guess, that the file you downloaded is not the one published
by apache.org.

Hope this helps you understand the issue. If there are more questions
concerning this, just go ahead and ask.

R,

Markus


> > I just browsed a little around and found some special solutions for the
> > checksum stuff with MD5-Hashes. ANT has already a nice task for this
> 
> How would we integrate with it? Is the task part of 'core'? I'm not
> against
> leveraging others, especially ant, 'cos I suspect that'll be a large part
> of
> our user base. So, as a start, I'd be for it.
> 
> That said, longer term I'd love to see it for command line also.
> 
> BTW: Are you at a point where you can explain the mechanics of this? What
> keys does one use to check an MD5? Where do the keys come from, can we
> trust
> them, etc.? Can you educate us all?
> 
> regards,
> 
> Adam
> 


Mime
View raw message