owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM:
* Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400:
I notice that the tarballs also include a SHA1 digest. What's the
point?
To have a check whether the FTP download was successful to avoid
accidentally using
* Kenneth Goldman wrote on Sun, Apr 11, 2010 at 15:36 -0400:
owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM:
* Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400:
I notice that the tarballs also include a SHA1 digest.
What's the point?
To have a check whether
On Sun April 11 2010, Kenneth Goldman wrote:
owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM:
* Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400:
I notice that the tarballs also include a SHA1 digest. What's the
point?
To have a check whether the FTP
* Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400:
I notice that the tarballs also include a SHA1 digest. What's the
point?
To have a check whether the FTP download was successful to avoid
accidently using corrupt files, a file integrity check with a
checksum is quite common.
This is an openssl security meta-question.
I notice that the tarballs also include a SHA1 digest. What's the point?
1 - If anyone has authority to update the tarball with a counterfeit, can't
they also update the SHA1.
2 - The web site isn't protected by ssl (ironic). A MIM altering the