"Anonymous Sender" <anonymous@remailer.metacolo.com> wrote in message
news:3e4be5540bb30f64dc0e0d781e773f8a@remailer.met acolo.com...
> dennis@home wrote:
>
>>
>> "Anonymous" <cripto@ecn.org> wrote in message
>> news:a74ba05b9abd63f5f9afc787b8be985c@ecn.org...
>> > dennis@home wrote:
>> >
>> >> There is *nothing* in Linux (or most OSes) to protect a user from such
>> >> a
>> >> simple attack and yet you think I am paranoid for not listening to
>> >> some
>> >> troll posting download web sites in a news group. Do get a clue on
>> >> what
>> >> is
>> >> and isn't safe with the computer you are supposed to be in charge of.
>> >
>> > Your state of clue-free is astounding. There's scores of ways to defeat
>> > evil package distributors from dolling out bogus packages.
>>
>> Name one way to defeat a rogue live CD put out on the Internet *other*
>> than
>> what I said about not downloading it just because someone shouts about it
>> in
>
> I can name a dozen ways in a few different categories ya' ninny.
> Hashes, digital signatures, and transport layer certificates signed by
> trusted CA's are collectively the methods you're apparently oblivious
> to. That's part what those tools are designed to do ferChristsakes.

How do they stop a begineer (or anyone else) downloading an image from
anywhere, putting it on a CD and booting it ferChristsakes?
There is nothing in a PC to stop it and there would be nothing on the CD to
stop it so you are just dreaming.

When you come up with a mechanism that stops someone putting a hacked image
on P2P then maybe I will believe you untill then shut up.

dennis@home <dennis@killspam.kicks-ass.net> wrote:
>
> "Anonymous Sender" <anonymous@remailer.metacolo.com> wrote in message
> news:3e4be5540bb30f64dc0e0d781e773f8a@remailer.met acolo.com...
>> dennis@home wrote:
>>
>>>
>>> "Anonymous" <cripto@ecn.org> wrote in message
>>> news:a74ba05b9abd63f5f9afc787b8be985c@ecn.org...
>>> > dennis@home wrote:
>>> >
>>> >> There is *nothing* in Linux (or most OSes) to protect a user from such
>>> >> a
>>> >> simple attack and yet you think I am paranoid for not listening to
>>> >> some
>>> >> troll posting download web sites in a news group. Do get a clue on
>>> >> what
>>> >> is
>>> >> and isn't safe with the computer you are supposed to be in charge of.
>>> >
>>> > Your state of clue-free is astounding. There's scores of ways to defeat
>>> > evil package distributors from dolling out bogus packages.
>>>
>>> Name one way to defeat a rogue live CD put out on the Internet *other*
>>> than
>>> what I said about not downloading it just because someone shouts about it
>>> in
>>
>> I can name a dozen ways in a few different categories ya' ninny.
>> Hashes, digital signatures, and transport layer certificates signed by
>> trusted CA's are collectively the methods you're apparently oblivious
>> to. That's part what those tools are designed to do ferChristsakes.
>
> How do they stop a begineer (or anyone else) downloading an image from
> anywhere, putting it on a CD and booting it ferChristsakes?
> There is nothing in a PC to stop it and there would be nothing on the CD to
> stop it so you are just dreaming.
>
> When you come up with a mechanism that stops someone putting a hacked image
> on P2P then maybe I will believe you untill then shut up.
>
>

owl@laptop:~/iso$ cat pclinuxos-2007.md5sum
cf31f44513c9b30caaa1f1d2c382c033 pclinuxos-2007.iso
owl@laptop:~/iso$ md5sum pclinuxos-2007.iso
cf31f44513c9b30caaa1f1d2c382c033 pclinuxos-2007.iso
owl@laptop:~/iso$ md5sum evil_pclinuxos-2007.iso
d41d8cd98f00b204e9800998ecf8427e evil_pclinuxos-2007.iso
owl@laptop:~/iso$

owl wrote:

> dennis@home <dennis@killspam.kicks-ass.net> wrote:
>>
>> "Anonymous Sender" <anonymous@remailer.metacolo.com> wrote in message
>> news:3e4be5540bb30f64dc0e0d781e773f8a@remailer.met acolo.com...
>>> dennis@home wrote:
>>>
>>>>
>>>> "Anonymous" <cripto@ecn.org> wrote in message
>>>> news:a74ba05b9abd63f5f9afc787b8be985c@ecn.org...
>>>> > dennis@home wrote:
>>>> >
>>>> >> There is *nothing* in Linux (or most OSes) to protect a user from
>>>> >> such a
>>>> >> simple attack and yet you think I am paranoid for not listening to
>>>> >> some
>>>> >> troll posting download web sites in a news group. Do get a clue on
>>>> >> what
>>>> >> is
>>>> >> and isn't safe with the computer you are supposed to be in charge
>>>> >> of.
>>>> >
>>>> > Your state of clue-free is astounding. There's scores of ways to
>>>> > defeat evil package distributors from dolling out bogus packages.
>>>>
>>>> Name one way to defeat a rogue live CD put out on the Internet *other*
>>>> than
>>>> what I said about not downloading it just because someone shouts about
>>>> it in
>>>
>>> I can name a dozen ways in a few different categories ya' ninny.
>>> Hashes, digital signatures, and transport layer certificates signed by
>>> trusted CA's are collectively the methods you're apparently oblivious
>>> to. That's part what those tools are designed to do ferChristsakes.
>>
>> How do they stop a begineer (or anyone else) downloading an image from
>> anywhere, putting it on a CD and booting it ferChristsakes?
>> There is nothing in a PC to stop it and there would be nothing on the CD
>> to stop it so you are just dreaming.
>>
>> When you come up with a mechanism that stops someone putting a hacked
>> image on P2P then maybe I will believe you untill then shut up.
>>
>>
>
> owl@laptop:~/iso$ cat pclinuxos-2007.md5sum
> cf31f44513c9b30caaa1f1d2c382c033 pclinuxos-2007.iso
> owl@laptop:~/iso$ md5sum pclinuxos-2007.iso
> cf31f44513c9b30caaa1f1d2c382c033 pclinuxos-2007.iso
> owl@laptop:~/iso$ md5sum evil_pclinuxos-2007.iso
> d41d8cd98f00b204e9800998ecf8427e evil_pclinuxos-2007.iso
> owl@laptop:~/iso$

Do you really think that "dennis" will get it? I have him told before about
MD5. That retard still claims that people will find "hacked" versions of
liveCDs, download them and run them. Without so much as checking the MD5.
And this naturally in enormous masses. Millions of users I tell you,
*millions*
That it is *far* easier to go to the original sites and get the official
ISOs is beyond that brainless nimwit.

He is a typical windows user, that is, not even fit to serve as fertilizer
--
Any idiot can run Vista. And usually does.

dennis@home wrote:

>
> "Anonymous Sender" <anonymous@remailer.metacolo.com> wrote in message
> news:3e4be5540bb30f64dc0e0d781e773f8a@remailer.met acolo.com...
> > dennis@home wrote:
> >
> >>
> >> "Anonymous" <cripto@ecn.org> wrote in message
> >> news:a74ba05b9abd63f5f9afc787b8be985c@ecn.org...
> >> > dennis@home wrote:
> >> >
> >> >> There is *nothing* in Linux (or most OSes) to protect a user from such
> >> >> a
> >> >> simple attack and yet you think I am paranoid for not listening to
> >> >> some
> >> >> troll posting download web sites in a news group. Do get a clue on
> >> >> what
> >> >> is
> >> >> and isn't safe with the computer you are supposed to be in charge of.
> >> >
> >> > Your state of clue-free is astounding. There's scores of ways to defeat
> >> > evil package distributors from dolling out bogus packages.
> >>
> >> Name one way to defeat a rogue live CD put out on the Internet *other*
> >> than
> >> what I said about not downloading it just because someone shouts about it
> >> in
> >
> > I can name a dozen ways in a few different categories ya' ninny.
> > Hashes, digital signatures, and transport layer certificates signed by
> > trusted CA's are collectively the methods you're apparently oblivious
> > to. That's part what those tools are designed to do ferChristsakes.
>
> How do they stop a begineer (or anyone else) downloading an image from
> anywhere, putting it on a CD and booting it ferChristsakes?

Ohhhh... pop ups, dialogs, and sometimes you even get to read <gasp!> a
series of alphanumeric characters and compare them.

Tough nut to crack for a windroid, I know.

> There is nothing in a PC to stop it and there would be nothing on the CD to
> stop it so you are just dreaming.
>
> When you come up with a mechanism that stops someone putting a hacked image
> on P2P then maybe I will believe you untill then shut up.
>
>

"owl" <owl@rooftop.invalid> wrote in message
news:eweoi3.zep329x@rooftop.invalid...
> dennis@home <dennis@killspam.kicks-ass.net> wrote:
>>
>> "Anonymous Sender" <anonymous@remailer.metacolo.com> wrote in message
>> news:3e4be5540bb30f64dc0e0d781e773f8a@remailer.met acolo.com...
>>> dennis@home wrote:
>>>
>>>>
>>>> "Anonymous" <cripto@ecn.org> wrote in message
>>>> news:a74ba05b9abd63f5f9afc787b8be985c@ecn.org...
>>>> > dennis@home wrote:
>>>> >
>>>> >> There is *nothing* in Linux (or most OSes) to protect a user from
>>>> >> such
>>>> >> a
>>>> >> simple attack and yet you think I am paranoid for not listening to
>>>> >> some
>>>> >> troll posting download web sites in a news group. Do get a clue on
>>>> >> what
>>>> >> is
>>>> >> and isn't safe with the computer you are supposed to be in charge
>>>> >> of.
>>>> >
>>>> > Your state of clue-free is astounding. There's scores of ways to
>>>> > defeat
>>>> > evil package distributors from dolling out bogus packages.
>>>>
>>>> Name one way to defeat a rogue live CD put out on the Internet *other*
>>>> than
>>>> what I said about not downloading it just because someone shouts about
>>>> it
>>>> in
>>>
>>> I can name a dozen ways in a few different categories ya' ninny.
>>> Hashes, digital signatures, and transport layer certificates signed by
>>> trusted CA's are collectively the methods you're apparently oblivious
>>> to. That's part what those tools are designed to do ferChristsakes.
>>
>> How do they stop a begineer (or anyone else) downloading an image from
>> anywhere, putting it on a CD and booting it ferChristsakes?
>> There is nothing in a PC to stop it and there would be nothing on the CD
>> to
>> stop it so you are just dreaming.
>>
>> When you come up with a mechanism that stops someone putting a hacked
>> image
>> on P2P then maybe I will believe you untill then shut up.
>>
>>
>
> owl@laptop:~/iso$ cat pclinuxos-2007.md5sum
> cf31f44513c9b30caaa1f1d2c382c033 pclinuxos-2007.iso
> owl@laptop:~/iso$ md5sum pclinuxos-2007.iso
> cf31f44513c9b30caaa1f1d2c382c033 pclinuxos-2007.iso
> owl@laptop:~/iso$ md5sum evil_pclinuxos-2007.iso
> d41d8cd98f00b204e9800998ecf8427e evil_pclinuxos-2007.iso
> owl@laptop:~/iso$
>

Is that supposed to stop something?
At best that allows someone who is already running Linux to checksum the
iso/
It fails because:

the newbie is running windows
the newbie doesn't know about it
most users are too idle/stupid
newbies are immune to all attacks because Linux is secure
it still relies on the user knowing the site is valid so the checksum is
valid
and finally because it still doesn't stop someone posting a fake live CD and
there is always a fool about.

"Anonymous" <cripto@ecn.org> wrote in message
news:f297c1df9b5555bc336cd080f2b742b7@ecn.org...
> dennis@home wrote:
>
>>
>> "Anonymous Sender" <anonymous@remailer.metacolo.com> wrote in message
>> news:3e4be5540bb30f64dc0e0d781e773f8a@remailer.met acolo.com...
>> > dennis@home wrote:
>> >
>> >>
>> >> "Anonymous" <cripto@ecn.org> wrote in message
>> >> news:a74ba05b9abd63f5f9afc787b8be985c@ecn.org...
>> >> > dennis@home wrote:
>> >> >
>> >> >> There is *nothing* in Linux (or most OSes) to protect a user from
>> >> >> such
>> >> >> a
>> >> >> simple attack and yet you think I am paranoid for not listening to
>> >> >> some
>> >> >> troll posting download web sites in a news group. Do get a clue on
>> >> >> what
>> >> >> is
>> >> >> and isn't safe with the computer you are supposed to be in charge
>> >> >> of.
>> >> >
>> >> > Your state of clue-free is astounding. There's scores of ways to
>> >> > defeat
>> >> > evil package distributors from dolling out bogus packages.
>> >>
>> >> Name one way to defeat a rogue live CD put out on the Internet *other*
>> >> than
>> >> what I said about not downloading it just because someone shouts about
>> >> it
>> >> in
>> >
>> > I can name a dozen ways in a few different categories ya' ninny.
>> > Hashes, digital signatures, and transport layer certificates signed by
>> > trusted CA's are collectively the methods you're apparently oblivious
>> > to. That's part what those tools are designed to do ferChristsakes.
>>
>> How do they stop a begineer (or anyone else) downloading an image from
>> anywhere, putting it on a CD and booting it ferChristsakes?
>
> Ohhhh... pop ups, dialogs, and sometimes you even get to read <gasp!> a
> series of alphanumeric characters and compare them.

Now you are being really stupid.. just what are you going to compare?

Do you not understand anything about social engineering?
Just because you may know about checksums and know where to find them and
how to compare them doesn't mean everyone knows.
Even when they know do you really think everyone checks.
Also it is probably possible to engineer an iso to have the correct
checksum.
It shouldn't be too hard as you have the source code for the checksum
program so you can modify it to add padding to the iso somewhere to make the
checksum anything you like. Unless you have mathmatical proof this can't be
done
>
> Tough nut to crack for a windroid, I know.

So far not a single one of you that has responded has shown any proof it
wouldn't work so I stand by what I said " don't download live cds unless you
are certain of where they come from and don't listen to people like 7
posting in newsgroups". its not hard even for you.

BTW I can post this from Linux if it makes you feel warm and fuzzy or you
could just carry on peeing down you leg.

pus.boy99******.com wrote:
> "Ms. Polly Ester" wrote:
>> http://news.yahoo.com/s/cmp/20070927...ylt=AiieE0MGKY...
>>
>> Fearing the restrictions it places on their work, the majority of open
>> source software developers do not plan to publish code in the next
>> year under a controversial new license authored by the main governing
>> body for open source and free software, according to a survey released
>> Wednesday.
>>
>> In addition, more than 40% of those surveyed said they won't ever
>> publish their work under Version 3 of the General Public License,
>> which was released earlier this year by the Free Software Foundation.
>> "GPLv3 is controversial because it imposes restrictions on what you
>> can do with programs," said John Andrews, CEO of survey taker Evans
>> Data, in a statement.
>
> More fragmentation to put some more nails in the Linux coffin. At some
> point the Linux loons will figure out that all of these spin offs are
> not a good thing for Linux.
>
> With 700+ different versions of Linux and now new GPL3 it's just more
> confusion for the suits that make the decisions. Microsoft makes it easy
> for those types. Linux makes it a clusterfsck.

"Pus Boy" as a nym is about as apt as any troll gets. What started out as
a post in comp.os.linux.advocacy she/he/it cross posted to MPWVG,
indicating her/his/it's intent to troll.

Information regarding PB's IP:

http://www.projecthoneypot.org/i_164...e9c13e9a01ef7d

IP Address Inspector
202.105.182.17

The Project Honey Pot system has detected behavior from the IP address
consistent with that of a comment spammer. Below we've reported some other
data associated with this IP. This interrelated data helps map spammers'
networks and aids in law enforcement efforts. If you know something about
this IP, please leave a comment.

Geographic Location [China] China
Spider First Seen approximately 2 weeks ago
Spider Last Seen within 1 week
Spider Sightings 16 visit(s)
First Post On approximately 2 weeks ago
Last Post On within 1 week
Form Posts 9 web post submission(s) sent from this IP

dennis@home <dennis@killspam.kicks-ass.net> wrote:
>
[...]
>
> Now you are being really stupid.. just what are you going to compare?
>
> Do you not understand anything about social engineering?
> Just because you may know about checksums and know where to find them and
> how to compare them doesn't mean everyone knows.
> Even when they know do you really think everyone checks.
> Also it is probably possible to engineer an iso to have the correct
> checksum.

Yeah, that should be easy. LOL.


> It shouldn't be too hard as you have the source code for the checksum
> program


So in order for this hack to work, you have to already 0wn the target?
Cool. Not sure that's ever been tried before.


> so you can modify it to add padding to the iso somewhere to make the
> checksum

You really are a cretin, aren't you? The md5sum program has
zero to do with the creation of the iso.

owl@laptop:~$ touch moron
owl@laptop:~$ echo "you are a moron" > moron
owl@laptop:~$ md5sum moron
1d9f934e45f34101e6841138eb12b5b5 moron
owl@laptop:~$ echo "now do you get it?" > moron
owl@laptop:~$ md5sum moron
c13c4f1d07170c78d1e508dcb606b06a moron
owl@laptop:~$

> anything you like. Unless you have mathmatical proof this can't be
> done


<proof>
LOL
</proof>

dennis@home wrote:

>
> "Anonymous" <cripto@ecn.org> wrote in message
> news:f297c1df9b5555bc336cd080f2b742b7@ecn.org...
> > dennis@home wrote:
> >
> >>
> >> "Anonymous Sender" <anonymous@remailer.metacolo.com> wrote in
> >> message
> >> news:3e4be5540bb30f64dc0e0d781e773f8a@remailer.met acolo.com...
> >> > dennis@home wrote:
> >> >
> >> >>
> >> >> "Anonymous" <cripto@ecn.org> wrote in message
> >> >> news:a74ba05b9abd63f5f9afc787b8be985c@ecn.org...
> >> >> > dennis@home wrote:
> >> >> >
> >> >> >> There is *nothing* in Linux (or most OSes) to protect a user
> >> >> >> from such
> >> >> >> a
> >> >> >> simple attack and yet you think I am paranoid for not
> >> >> >> listening to some
> >> >> >> troll posting download web sites in a news group. Do get a
> >> >> >> clue on what
> >> >> >> is
> >> >> >> and isn't safe with the computer you are supposed to be in
> >> >> >> charge of.
> >> >> >
> >> >> > Your state of clue-free is astounding. There's scores of ways
> >> >> > to defeat
> >> >> > evil package distributors from dolling out bogus packages.
> >> >>
> >> >> Name one way to defeat a rogue live CD put out on the Internet
> >> >> *other* than
> >> >> what I said about not downloading it just because someone
> >> >> shouts about it
> >> >> in
> >> >
> >> > I can name a dozen ways in a few different categories ya' ninny.
> >> > Hashes, digital signatures, and transport layer certificates
> >> > signed by trusted CA's are collectively the methods you're
> >> > apparently oblivious to. That's part what those tools are
> >> > designed to do ferChristsakes.
> >>
> >> How do they stop a begineer (or anyone else) downloading an image
> >> from anywhere, putting it on a CD and booting it ferChristsakes?
> >
> > Ohhhh... pop ups, dialogs, and sometimes you even get to read
> > <gasp!> a series of alphanumeric characters and compare them.
>
> Now you are being really stupid.. just what are you going to compare?

What part of "a series of alphanumeric characters" is confusing you,
Wintard?

> Do you not understand anything about social engineering?

More than you'll ever understand. That's how I know integrity checking
works you ninny. :)

> Just because you may know about checksums and know where to find them
> and how to compare them doesn't mean everyone knows.

Doesn't matter. There's enough people in the world with an IQ larger
than a hat size that you're protected too.

You're welcome.

> Even when they know do you really think everyone checks.
> Also it is probably possible to engineer an iso to have the correct
> checksum.

ROTFL!!!

Not even with MD5 kid, and that's the weakest that's ever used.

> It shouldn't be too hard as you have the source code for the checksum
> program so you can modify it to add padding to the iso somewhere to
> make the checksum anything you like. Unless you have mathmatical
> proof this can't be done

Clueless. Absolutely, 100%, congenitally clueless.

> > Tough nut to crack for a windroid, I know.
>
> So far not a single one of you that has responded has shown any proof
> it wouldn't work so I stand by what I said " don't download live cds

No, everyone has proved you wrong. Your inability to accept that won't
change a thing.

> unless you are certain of where they come from and don't listen to
> people like 7 posting in newsgroups". its not hard even for you.
>
> BTW I can post this from Linux if it makes you feel warm and fuzzy or
> you could just carry on peeing down you leg.

I doubt you could even manage to convincingly forge the appropriate
headers Wintard. Might be interesting to watch though. :)

dennis@home wrote:

> > owl@laptop:~/iso$ md5sum evil_pclinuxos-2007.iso
> > d41d8cd98f00b204e9800998ecf8427e evil_pclinuxos-2007.iso
> > owl@laptop:~/iso$
>
> Is that supposed to stop something?

Unless you're a total retard, yes.

> At best that allows someone who is already running Linux to checksum
> the iso/

ROTFL!

> It fails because:
>
> the newbie is running windows

My GOD you are one dumb son of a bitch.

http://en.wikipedia.org/wiki/Md5sum

http://www.microsoft.com/downloads/d...displaylang=en

> the newbie doesn't know about it

Yeah, it's not like values and appropriate warnings/instructions aren't
in print everywhere you go or anything.

> most users are too idle/stupid

Hard core Wintards obviously are anyway. You just proved that beyond
doubt. Fortunately you don't represent "most users".

> newbies are immune to all attacks because Linux is secure

It is, but if you have the IQ of a garden slug or better so is
Winblows in this respect.

> it still relies on the user knowing the site is valid so the checksum
> is valid

Baloney. You're USDA certified clueless.

> and finally because it still doesn't stop someone posting a fake live
> CD and there is always a fool about.

But it does prevent even marginally intelligent people from using them,
and by proxy even Wintards like you because most people actually do
check things like this. And say something when anomalies are found.

You're free to thank us, your superiors, any time now. :)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 30 Sep 2007 00:22:23 +0100,
dennis@home <dennis@killspam.kicks-ass.net> wrote:

> Also it is probably possible to engineer an iso to have the correct
> checksum.
> It shouldn't be too hard as you have the source code for the checksum
> program so you can modify it to add padding to the iso somewhere to make the
> checksum anything you like. Unless you have mathmatical proof this can't be
> done

It's pretty obvious you have no clue on how the MD5 and SHA1 checksum
process works.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG/yr1d90bcYOAWPYRAjq6AKDc62ps61DVnZulsvXkMR4LlVArYgC gpAef
7cS/Rr0fUWeLEzWouAr1rlU=
=+3wY
-----END PGP SIGNATURE-----

--
Jim Richardson http://www.eskimo.com/~warlock
Those who live by the sword are shot by those who don't.

"owl" <owl@rooftop.invalid> wrote in message
news:pzeoiw0049.s94@rooftop.invalid...

you are too stupid to argue with.
You can't even grasp the concept of changing an isos content to match a
checksum using the source code of the checksum program to make the fake data
needed.
If you can't understand even the basics there isn't much point in talking to
you.

"Jim Richardson" <warlock@eskimo.com> wrote in message
news:lgm3t4-5il.ln1@dragon.myth...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sun, 30 Sep 2007 00:22:23 +0100,
> dennis@home <dennis@killspam.kicks-ass.net> wrote:
>
>> Also it is probably possible to engineer an iso to have the correct
>> checksum.
>> It shouldn't be too hard as you have the source code for the checksum
>> program so you can modify it to add padding to the iso somewhere to make
>> the
>> checksum anything you like. Unless you have mathmatical proof this can't
>> be
>> done
>
> It's pretty obvious you have no clue on how the MD5 and SHA1 checksum
> process works.

So as I asked is there a mathematical proof that you can only end up with
one checksum for any set of data?
If there is then no you can't fake one, if there isn't then you probably
can.
I have not claimed to be a mathematician so I don't know.
Also it doesn't really matter as a social engineered hack doesn't need to
fool everyone so even if owl is wise enough to check the checksums not
everyone is.

There are an awful lot of people trying to put down perfectly good advice
for some reason.
It is enough to make you think they are trying to hide something.
When did it become good practice to download stuff from sites posted by
usenet users?

dennis@home wrote:

>
> "owl" <owl@rooftop.invalid> wrote in message
> news:pzeoiw0049.s94@rooftop.invalid...
>
> you are too stupid to argue with.
> You can't even grasp the concept of changing an isos content to match a
> checksum using the source code of the checksum program to make the fake
> data needed.
> If you can't understand even the basics there isn't much point in talking
> to you.

As it is you who claims that you can "pad" the contents to achieve
the "valid" checksum, you better prove your claim. Please take into
consideration that you are not allowed to put more data on that CD than it
could physically hold when you are in your "proof" phase. We certainly
can't await your long winded, boring and naturally utterly wrong "Proof"

As of now, you have simply posted extremely stupid FUD.
You are good windows user, atta boi. Certainly dumb enough
--
You're not my type. For that matter, you're not even my species

dennis@home <dennis@killspam.kicks-ass.net> espoused:
>
> "Jim Richardson" <warlock@eskimo.com> wrote in message
> news:lgm3t4-5il.ln1@dragon.myth...
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Sun, 30 Sep 2007 00:22:23 +0100,
>> dennis@home <dennis@killspam.kicks-ass.net> wrote:
>>
>>> Also it is probably possible to engineer an iso to have the correct
>>> checksum.
>>> It shouldn't be too hard as you have the source code for the checksum
>>> program so you can modify it to add padding to the iso somewhere to make
>>> the
>>> checksum anything you like. Unless you have mathmatical proof this can't
>>> be
>>> done
>>
>> It's pretty obvious you have no clue on how the MD5 and SHA1 checksum
>> process works.
>
> So as I asked is there a mathematical proof that you can only end up with
> one checksum for any set of data?

Why don't you investigate md5, sha1 and so on, and find out? Then,
instead of spreading misinformation, you might actually have some facts.

You could start with looking at CRC checks used to prevent false framing
in TDM transport systems. You'll find that they are amazingly robust,
even though they work with relatively small numbers.

Then, consider just how large a binary or decimal number it could be
possible to express using all 700Mbytes of a CD.

--
| Mark Kent -- mark at ellandroad dot demon dot co dot uk |
| Cola faq: http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/ |
| Cola trolls: http://colatrolls.blogspot.com/ |
| My (new) blog: http://www.thereisnomagic.org |