I downloaded an update file for my car's Satnav, size 30GB, it was done overnight, using the Download Manager via Wine on my Ubuntu OS, but the Manager reports that the Download Check (MD5) fails, and
repeatedly does so.
Wikipedia reports that the MD5 algorithm is broken.
Should I just install this new file anyway?
TIA.
The Wiki stuff is irrelevant, that is about a false positive, two
different files generating the same MD5 hash.
Am 08.02.2023 um 09:57:32 Uhr schrieb Pancho:
It is quite possible the site you downloaded it from messed up
their package, but I would download it again, possibly wait for the download site to change their files.
The Wiki stuff is irrelevant, that is about a false positive, two
different files generating the same MD5 hash.
There will always be multiple different inputs in a hash function like
MD5 that cause the same output. The question is just how fast these
can be found.
Manager reports that the Download Check (MD5) fails[snip]
Wikipedia reports that the MD5 algorithm is broken.
Should I just install this new file anyway?
Davey wrote:
Manager reports that the Download Check (MD5) fails[snip]
Wikipedia reports that the MD5 algorithm is broken.
What wikipedia means by "broken" is that somebody malicious can take
a bogus file, modify it to appear genuine.
What your satname means by "broken" is that the download has likely
been corrupted during download (or maybe someone *is* trying to get
you drive over a cliff in mysterious circumstances!)
In general if something says an MD5sum doesn't match you should
probably take notice, but if it says it *does* match you can no
longer be sure it's actually genuine.
Should I just install this new file anyway?
At the risk of corrupting the satnav firmware.
Davey wrote:
Manager reports that the Download Check (MD5) fails[snip]
Wikipedia reports that the MD5 algorithm is broken.
What wikipedia means by "broken" is that somebody malicious can take a
bogus file, modify it to appear genuine.
Am 08.02.2023 um 09:57:32 Uhr schrieb Pancho:
The Wiki stuff is irrelevant, that is about a false positive, two
different files generating the same MD5 hash.
There will always be multiple different inputs in a hash function like
MD5 that cause the same output. The question is just how fast these can
be found.
On 08/02/2023 11:42, Davey wrote:
On Wed, 8 Feb 2023 11:06:06 +0100
Marco Moock <mo01@posteo.de> wrote:
Am 08.02.2023 um 09:57:32 Uhr schrieb Pancho:
It is quite possible the site you downloaded it from messed up
their package, but I would download it again, possibly wait for
the download site to change their files.
The Wiki stuff is irrelevant, that is about a false positive, two
different files generating the same MD5 hash.
There will always be multiple different inputs in a hash function
like MD5 that cause the same output. The question is just how fast
these can be found.
Thanks for replies.
This was in fact the second attempt at downloading the file. The
first time, my laptop was using WiFi, so in case that had caused a
problem, I tried again using a wired connection, but with with the
same result. The original file has been on the website since
mid-2022, so is probably good, it is the download that is failing
if anything is. 30 GB is, for me, quite a large file, and I am on
ADSL.
I don't really know what I'm talking about, but...
I just noticed that you said you were using Wine, AIUI that suggests
using Windows and Linux. I, vaguely, remember a problem downloading
text files, related to different end of line characters (eol). Some
download managers would replace the Windows eol with the Linux eol,
or vice versa, which is harmless in terms of the actual text, but
would mess up an MD5 check.
On Wed, 8 Feb 2023 11:06:06 +0100
Marco Moock <mo01@posteo.de> wrote:
Am 08.02.2023 um 09:57:32 Uhr schrieb Pancho:
It is quite possible the site you downloaded it from messed up
their package, but I would download it again, possibly wait for the
download site to change their files.
The Wiki stuff is irrelevant, that is about a false positive, two
different files generating the same MD5 hash.
There will always be multiple different inputs in a hash function like
MD5 that cause the same output. The question is just how fast these
can be found.
Thanks for replies.
This was in fact the second attempt at downloading the file. The first
time, my laptop was using WiFi, so in case that had caused a problem, I
tried again using a wired connection, but with with the same result.
The original file has been on the website since mid-2022, so is
probably good, it is the download that is failing if anything is. 30 GB
is, for me, quite a large file, and I am on ADSL.
I downloaded an update file for my car's Satnav, size 30GB, it was done overnight, using the Download Manager via Wine on my Ubuntu OS, but the Manager reports that the Download Check (MD5) fails, and
repeatedly does so.
Wikipedia reports that the MD5 algorithm is broken.
Should I just install this new file anyway?
On 08/02/2023 08:56, Davey wrote:
I downloaded an update file for my car's Satnav, size 30GB, it was done overnight, using the Download Manager via Wine on my Ubuntu OS, but the Manager reports that the Download Check (MD5) fails, and
repeatedly does so.
Wikipedia reports that the MD5 algorithm is broken.
Should I just install this new file anyway?
No. It likely has been compromised, and what you have downloaded will certainly be malware of some sort. Very common with satnav files, there
is a large exploited market for sharing them freely rather than paying.
Adrian Caspersz <email@here.invalid> wrote:
On 08/02/2023 08:56, Davey wrote:
I downloaded an update file for my car's Satnav, size 30GB, it
was done overnight, using the Download Manager via Wine on my
Ubuntu OS, but the Manager reports that the Download Check (MD5)
fails, and repeatedly does so.
Wikipedia reports that the MD5 algorithm is broken.
Should I just install this new file anyway?
No. It likely has been compromised, and what you have downloaded
will certainly be malware of some sort. Very common with satnav
files, there is a large exploited market for sharing them freely
rather than paying.
That depends where the MD5 hash you are comparing with came from. If
it came from some authoritative source (like the manufacturer), then
maybe a download from a different site is hosting a file that's been
changed in some way (either maliciously or a corrupted download)
If the MD5 is on the same site as the download, then any hacker worth
their salt would change the hash to match the compromised version.
So the likelihood is it's a corrupted download.
If it's useful some manufacturer tool to do the download and the
hashing, it sounds more like the latter case. The manufacturer tool
wouldn't be downloading from dodgy sites.
Theo
On 10 Feb 2023 14:13:31 +0000 (GMT)
Theo <theom+news@chiark.greenend.org.uk> wrote:
Adrian Caspersz <email@here.invalid> wrote:
No. It likely has been compromised, and what you have downloaded
will certainly be malware of some sort. Very common with satnav
files, there is a large exploited market for sharing them freely
rather than paying.
That depends where the MD5 hash you are comparing with came from. If
it came from some authoritative source (like the manufacturer), then
maybe a download from a different site is hosting a file that's been
changed in some way (either maliciously or a corrupted download)
If the MD5 is on the same site as the download, then any hacker worth
their salt would change the hash to match the compromised version.
So the likelihood is it's a corrupted download.
If it's useful some manufacturer tool to do the download and the
hashing, it sounds more like the latter case. The manufacturer tool
wouldn't be downloading from dodgy sites.
Theo
I have gone to a main dealer, and it is downloading the file to my
stick. That should work!
Adrian Caspersz <email@here.invalid> wrote:
On 08/02/2023 08:56, Davey wrote:
I downloaded an update file for my car's Satnav, size 30GB, it was done
overnight, using the Download Manager via Wine on my Ubuntu OS, but the
Manager reports that the Download Check (MD5) fails, and
repeatedly does so.
Wikipedia reports that the MD5 algorithm is broken.
Should I just install this new file anyway?
No. It likely has been compromised, and what you have downloaded will
certainly be malware of some sort. Very common with satnav files, there
is a large exploited market for sharing them freely rather than paying.
That depends where the MD5 hash you are comparing with came from. If it
came from some authoritative source (like the manufacturer), then maybe a download from a different site is hosting a file that's been changed in some way (either maliciously or a corrupted download)
If the MD5 is on the same site as the download, then any hacker worth their salt would change the hash to match the compromised version. So the likelihood is it's a corrupted download.
If it's useful some manufacturer tool to do the download and the hashing, it sounds more like the latter case. The manufacturer tool wouldn't be downloading from dodgy sites.
Theo
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 285 |
Nodes: | 16 (2 / 14) |
Uptime: | 64:53:47 |
Calls: | 6,488 |
Calls today: | 1 |
Files: | 12,096 |
Messages: | 5,274,905 |