Friday, May 12, 2006

How reliable are checksums?

Or should I ask, how reliable are copy commands?

Okay, this doesn't relate to MySQL directly, but one should know that also MySQL provides md5 checksums for all downloads where you can easily verify if your downloaded file is really identical to the file on MySQL's server. Just type in "md5sum [filename]" and compare the displayed code to the code shown on the website - if they are identical, the file is also identical to its very last bit.

Last night I have downloaded the new SuSE Linux 10.1. I compared the md5 sums and they were absolutely identical to the codes provided at the download source:

sputnik:~/SuSE # md5sum SUSE-Linux-10.1-GM-x86_64-CD*
60cf3e9b090326c39334a72c66145ad2 SUSE-Linux-10.1-GM-x86_64-CD1.iso
15ea8db1b388fadce8e8ca853bb05901 SUSE-Linux-10.1-GM-x86_64-CD2.iso
0bdc464910785936a322f2519ca49da3 SUSE-Linux-10.1-GM-x86_64-CD3.iso
20884a4c45d406ae0c38fb0bc3ee7de8 SUSE-Linux-10.1-GM-x86_64-CD4.iso
5538cba168f0b32b9562f73a40977405 SUSE-Linux-10.1-GM-x86_64-CD5.iso


(compare with http://download.opensuse.org/distribution/SL-10.1/iso/MD5SUMS)

Then I used the scp command to transfer the iso files to another PC (from which I want to burn the CDs). After copying, I checked the md5 sums again and got following output:

mpopp@suse:~/SuSE_10_1> md5sum *
449c04a969166e49aa20efbe7be0a6a2 SUSE-Linux-10.1-GM-x86_64-CD1.iso
15ea8db1b388fadce8e8ca853bb05901 SUSE-Linux-10.1-GM-x86_64-CD2.iso
a828021a47c6af08c699469234ba4587 SUSE-Linux-10.1-GM-x86_64-CD3.iso
20884a4c45d406ae0c38fb0bc3ee7de8 SUSE-Linux-10.1-GM-x86_64-CD4.iso
59e3ebb1c397b923216dcca55acf7127 SUSE-Linux-10.1-GM-x86_64-CD5.iso


So, the checksums for CDs 2 and 4 are still identical, but all the others have changed. It took me two more attempts to get identical codes for CDs 3 and 5 and I'm still trying to get a correct checksum for CD 1 (after copying the file for at least 4 times, I got different checksums after each attempt). So this looks very strange to me.

However, I also have a downloaded Fedora Core 5 DVD where the md5 checksum did not match the code that was provided on the download source (which was of course the official Fedora download page). But the DVD works without problems and I have found no errors at all.

7 comments:

Markus Popp said...

Here are the checksums after five attempts to copy the iso file for the first CD:

mpopp@suse:~/SuSE_10_1> md5sum SUSE-Linux-10.1-GM-x86_64-CD1.iso
be1ff793918b61e1cd250101334eef94 SUSE-Linux-10.1-GM-x86_64-CD1.iso
mpopp@suse:~/SuSE_10_1> md5sum SUSE-Linux-10.1-GM-x86_64-CD1.iso
c87d1486b063b4ce40bbdc73235fd82b SUSE-Linux-10.1-GM-x86_64-CD1.iso
mpopp@suse:~/SuSE_10_1> md5sum SUSE-Linux-10.1-GM-x86_64-CD1.iso
55d216ac557498a8740f08adc09e4e23 SUSE-Linux-10.1-GM-x86_64-CD1.iso
mpopp@suse:~/SuSE_10_1> md5sum SUSE-Linux-10.1-GM-x86_64-CD1.iso
c26749747c4e8199aa3dfc2d596924bc SUSE-Linux-10.1-GM-x86_64-CD1.iso
mpopp@suse:~/SuSE_10_1> md5sum SUSE-Linux-10.1-GM-x86_64-CD1.iso
9ef829b5126f1f1bf476b8dc488d49eb SUSE-Linux-10.1-GM-x86_64-CD1.iso

It's really a cool random number generator ;-).

Anonymous said...

does file sizes differ? If so, then just give a try to sftp. it has resume support

Markus Popp said...

The file sizes are absolutely identical.

Anonymous said...

rsync is your friend.

Anonymous said...

It would be a somewhat better idea to serve the MD5 catalogue over SSL rather than cleartext http...

Anonymous said...

smells a lot like bad memory to me - you might want to try this http://bliki.rimuhosting.com/space/knowledgebase/linux/misc/quick+and+dirty+memory+checker

Markus Popp said...

You are right - I really had a defect RAM at this time. Now it's replaced, so I should give it another try to see if it works now ;-).