If you were an attacker, which would you go with:
1) The brute-force attack which will require hundreds of thousands of CPU-years.
In this case an attacker would definitely go with this option. Since they can't change most of the IOS bytes because they contain IOS and the exploit, they would definitely run a brute force attack on the remaining bytes. Granted, the chances of success are slim, but these are people who are used to playing the odds even if they lose most of the time.
3) 'md5sum trojan_ios.bin' and cut-n-paste that into the web page.
One would hope that Cisco is taking measures to protect against that.
You missed the point - if the *FILE* you downloaded from a webpage is suspect, why do you trust the MD5sum that *the same webpage* says is correct?
I wasn't thinking of any old web page but one that belongs to a trusted vendor and which requires some kind of authentication before you can get to the file. In any case, the whole issue can be bypassed using CDs or using a PGP chain of trust. --Michael Dillon