Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Generate crc32 checksum #521

Open
cassidyjames opened this issue Aug 4, 2021 · 2 comments
Open

Generate crc32 checksum #521

cassidyjames opened this issue Aug 4, 2021 · 2 comments

Comments

@cassidyjames
Copy link
Contributor

cassidyjames commented Aug 4, 2021

Etcher has started exposing the calculated crc32 checksum of an image after it's flashed; it would cut down on our documentation if we used that to verify both the download and the flashed drive.

screenshot with CRC32 checksum

@davidmhewitt
Copy link
Member

davidmhewitt commented Aug 4, 2021

Worth noting that CRC32 is not a "secure" checksum in the sense that it's very easy to generate collisions.

So, it would be trivial for someone to download an ISO, modify it in some malicious way and also include a file made up of carefully calculated data that would make the checksum match afterwards.

I know that the main point of the process is to verify that there wasn't any corruption. But there's the side benefit of verifying the iso you've downloaded is the same one we published too. So we definitely want to keep publishing the more "secure" hashes too.

@cassidyjames
Copy link
Contributor Author

@davidmhewitt it turns out Etcher doesn't actually expose these as prominently anymore so it's probably a non-issue. I've updated the installation docs to use the built-in Windows method of verifying instead of Rufus' anyway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants