Skip to main content

Is it possible to get corrupted download with http?


For a long time I have assumed that it is not really possible to download a corrupted file via http as long as it's not corrupted on the server and the implementation of http protocol is correct, which is most likely the case for modern mainstream software.


So I always chuckled when I saw a download site offer an md5 hash of a file they provide for download. I haven't seen a case before, where I download a file, the size is correct but the content is not.


Well, today, I had a first case of this. I downloaded an iso of Ubuntu, tried to install it, it failed and after a long research (I just could not believe that the reason could be a corrupted download) I checked the MD5 and what do you know, it was wrong (size was correct). So I re-downloaded it and got yet another wrong md5. Only on my third download the md5 was correct.


So my question is, is it possible in principle to get corrupted download over http, assuming that the implementation is correct, the transfer has finished successfully and that the file is correct on the server. If this is possible, then how can this happen?



Answer



Yes, it's possible, especially on poor quality Internet connections – usually wireless, but some wired connections (such as the one I have) also have high error rates at high speeds.


The HTTP protocol does not have any provisions for ensuring data integrity. On transport layer, TCP does have error detection by using a checksum, but it's not very reliable.



There is another reason for providing hashes or digital signatures. Often, the actual files are distributed over many mirror servers, which cannot be guaranteed to be 100% secure. If there's no hash or signature to verify, someone with access to a mirror (not necessarily legitimate) could replace the files and remain undetected, without having to break into a completely different server where the website is hosted.



You can get automatic verification of files if you download Ubuntu over BitTorrent instead of HTTP. (Each piece is verified at download time, so you never have to re-download the entire thing.)


Comments

Post a Comment

Popular Posts

keyboard - Is there any utility/method to change Windows key bindings to type rare chars to currently empty bindings?

I'm currently typing this post with my windows XP machine and (Spanish) keyboard, and I'd like to add some extra symbols to my text. I could open the "char map" windows utility, look for the desired symbols, and paste them. But I'd like something quickier. For example, when I'm using my OSX Mac at work, I can easily add a ©, ™, ® or similar symbols, just pressing some weird ALT-GR + G / H / J, key combinations. In my (Spanish) keyboard mapping, these combinations are empty, as they don't produce any char at all, which, on the other hand, is perfectly normal and desirable. So, I thought: Why couldn't I add some extra key mappings on top of my currently empty ALT-GR + G/J/H Keys in my Spanish keyboard, and thus, being able to quickly type these special symbols? So that's my question: Is there any utility/method to achieve that effect under windows? (My version is XP). I've even googled this for some time but no luck. I've been a long term Hot...
Post a Comment
Read more

virtualization - How to select paravirtualization interface in VirtualBox?

Given a windows 8 host system (Intel Core i5) and a Linux Fedora host, I would like to determine the optimal setting for the paravirtual interface. Options are none Default Legacy minimal Hyper-V KVM This page suggest the selection is only based on the guest system: The biggest change in VirtualBox 5.0 is the introduction of paravirtualization support, bringing higher performance and time-keeping accuracy to supported guest operating systems (Hyper-V on Windows and KVM on Linux). Is that correct? Answer The VirtualBox Manual , in the section titled Paravirtualization providers explains very clearly when each should be used (emphasis added): Minimal: Announces the presence of a virtualized environment. Additionally, reports the TSC and APIC frequency to the guest operating system. This provider is mandatory for running any Mac OS X guests. KVM: Presents a Linux KVM hypervisor interface which is recognized by Linux kernels starting with version 2.6.25. VirtualBox's implementati...
Post a Comment
Read more

Desktop reboots itself on sleep or hibernate

I have been using an ASUS M2NPV-VM motherboard for main home desktop workstation, operating Windows Vista x64. This computer has right from day one not been able to enter hibernate or standby; after Windows performs its final actions and brings the machine down, it would automatically revive itself for a reboot. Updating to the second latest BIOS (1201)has not helped (the latest BIOS revision would induce video refresh problems rendering it unusable). I have been reading related discussions on incidents similar to mine to no avail of a true workable solution. They appear to be more speculative guesses rather than actual knowledge on the inner workings of motherboard hardware. Does anybody have any electronic engineering experience on PC energy-saving standards to provide a more informed opinion how to go about getting this to work? More stories: this motherboard could not even reboot properly the first thing i used it. It was due to refresh rate of the onboard GPU, which had no influe...
Post a Comment
Read more

Excel 2010: if( , , "") not treated the same as blank for pivot table group by date

I'm trying to group by date in an Excel 2010 pivot table. The column with dates (i.e., the one want to group by), should be the latest date of 2 other columns if neither is null, or blank. i.e., with a formula like: =IF(AND(A4 "", B4 ""), MAX(A4,B4), "") Normally, this "" in the IF() formula acts the same as an empty cell. In this case, it is preventing me from grouping by date in the Pivot Table. If I filter the date column by (Blanks) , then clear the contents of all those cells, then the pivot table does group by date ok. i.e., "" is not being treated the same as an empty cell.
Post a Comment
Read more