[luau] md5sum?

Mark Pettit mark at pettit.org
Tue Jul 8 09:52:00 PDT 2003


>Hi,
>
>Am I right in thinking that you could use the md5sum checksum output 
>generated by running md5sum on any file to verify the contents of that 
>file, at least in some minimal way?  If someone sent me a file, and I 
>wanted to check to see if it had been corrupted en route, could both I 
>and the sender run md5sum on that file and confirm some level of 
>accuracy based on the md5sum output?
>
>Thanks,

Yes.  In fact, that's the whole point of md5sum: to verify the
integrity of a file.

Of course, keep in mind that the method by which you get the checksum
is important.  If you, say, ftp a file, and then ftp the file's
checksum, the checksum might have been corrupted in transit.

However, if all you are concerned about is corruption during transit,
then an md5sum is perfect for you.  The chance of a random corruption
occurring within a file, and then another random corruption occurring
within a checksum file, which just happens to end up resulting in the
corrupted checksum matching the corrupted file, is so small it's not
even worth considering.  In other words, if you're only worried about
corruption, and you get a valid checksum, then you are guaranteed that
the file is not corrupt.

However, if you are worried about a possible man-in-the-middle attack,
then you need to get the md5sum checksum via a different, more secure
route than the route by which you get the file.  For example, if you
fetch the file by ftp, you should have your friend actually read you
the md5sum over the phone instead of fetching it via ftp.

Hope that helps.

-- 
Mark K. Pettit
mark at pettit.org
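
The point about getting the checksum over a separate channel, as an added example that is not part of the original post: when a file and its checksum file arrive over the same channel, `md5sum -c` can pass on altered content, while comparing against the digest the sender read out over the phone fails. The function names and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a received file against an MD5 digest obtained out of band.

# normalize_digest: strip spaces, dashes and newlines and lowercase the hex, so a
# digest typed in groups while listening ("B194 6AC9 ...") matches md5sum's output.
normalize_digest() {
    printf '%s' "$1" | tr -d ' \t\r\n-' | tr 'A-F' 'a-f'
}

# file_md5: print only the hex digest of a file (reading stdin avoids filename quirks).
file_md5() {
    md5sum < "$1" | cut -d' ' -f1
}

# verify_out_of_band FILE DIGEST: 0 = match, 1 = mismatch, 2 = malformed digest.
verify_out_of_band() {
    expected=$(normalize_digest "$2")
    case "$expected" in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "digest must be 32 hex digits" >&2; return 2; }
    actual=$(file_md5 "$1")
    [ "$actual" = "$expected" ]
}

# demo: constructed scenario with a sender's file and an altered copy on the receiver.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'original contents\n' > "$dir/sender.txt"
    phone_digest=$(file_md5 "$dir/sender.txt")   # what the sender reads over the phone

    # Same channel delivers both the file and its checksum file, and both were altered.
    printf 'altered contents\n' > "$dir/received.txt"
    (cd "$dir" && md5sum received.txt > received.txt.md5)

    in_band=fail; out_of_band=fail
    (cd "$dir" && md5sum -c received.txt.md5 >/dev/null 2>&1) && in_band=pass
    verify_out_of_band "$dir/received.txt" "$phone_digest" && out_of_band=pass
    rm -rf "$dir"
    echo "in-band=$in_band out-of-band=$out_of_band"
}

demo   # prints: in-band=pass out-of-band=fail
```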


