![]() I do use MD5 hashes to verify the integrity of downloaded binary files. I am confident similar results would be obtained for a CSS file. Web server, except the first two versions gave the same hash (different from the I got similar results for a TXT file that is on my The working copy on my local hard drive, downloading via WS_FTP95 LE, andĭownloading via DOS FTP. ![]() It via "Save link target as", loading the page and saving it via "Save page as", Own Web pages that I know to be non-dynamic: selecting the link and downloading The problem I describe in comment #5Īpplies to all ASCII files, not just HTML files.Īs an example of that problem, I took the MD5 hash of five versions of one of my Note that Web pages are not the only ASCII files that might be targeted by a URL How would this be restricted to binary downloads? Global context of varying hardware hosts, operating systems, and browsers. Verifying Web pages against checksums or digital signatures will not work in a In the two years since I did that testing, I have come to the conclusion that Note thatĭigitally signing an ASCII E-mail message works because (1) the signatureĪpplies only to a section (the message block) within the file and not to theĮntire file and (2) the verification process then takes into account the To another without any alterations - can be signed and then later verified, anĪSCII file cannot unless the alterations are exactly reversed. While a binary file - transferred from one host I did some extensive testing about two years ago on the concept of using PGP forĭigitally signing Web pages. Such alterations invalidate any checksum used as fingerprints. Neither of which were intended by the page authors. ![]() Had scripts added to bring up advertisements or at least a Geocities watermark, Other alterations are somtimes added by Web servers. I reported thisĪs bug 211130, which was closed as a duplicate of bug 38121 (which does notĬlearly indicate the impact on verifying Web pages against fingerprints). Reverse the alteration when downloading into a browser window. Might be reversed when downloading the file via FTP, Mozilla and Firefox do not The PC end-of-line CR-LF (x0D0A) to the UNIX end-of-line LF (x0A). The problem is that the ASCII HTML file might be altered as it is uploaded from
0 Comments
Leave a Reply. |