Dwight,
I don't think anyone else responded, so I'll take a stab at it.
Are you concerned about whether the file containing the md5sums is
authentic, or about whether the md5sum of the iso you downloaded is
correct (matches the md5sum in the text file you are talking about)?
The second is simpler to discuss, assuming the first is true.
Just run the md5sum command (executable) on the downloaded iso. If the
md5sum calculated by the md5sum executable matches the md5sum in the
text file you are talking about, then you have reasonable assurance that
your download has been error free.
If, somehow, someone replaced the "authentic" md5sums with some bogus
md5sums, (and the iso with a bogus iso), you (and many others) probably
have a problem.
I'm sure that could happen, but I haven't worried about it so far. Are
you downloading from a well-known / reliable mirror? If so, I wouldn't
worry too much about the possibility of someone having replaced the
file. Some people who publish isos use a program like PGP to "sign" the
files containing the md5sums (or the isos?) to guarantee authenticity.
(I'd tell you more about PGP, but I've never actually used it.)
Although the md5sum can be used to provide security against someone
having replaced the iso with a bogus iso, the bigger purpose of the
md5sum (in this case) is to provide a confirmation that your download
has been error free (I say, donning my asbestos longjohns).
Hope this helps,
Randy Kramer
Dwight wrote:
>
> Ok, this file appears to be a text file, and it says it is sums for ISO's to
> ensure they are all correct. The only problem is I haven't been able to find
> out how you test it to verify this string. Anyone got that info?
>
> Take Care, Dwight
>
> Daynotes, Columns, Tips, message boards, we try to give you it as much as we
> can. http://www.geekworld.ca/personal/
>
> Public Key is http://www.geekworld.ca/Keys/DwightWallbridge.asc
