On Sun April 11 2010, Kenneth Goldman wrote:
> owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM:
>
> > * Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400:
> > >I notice that the tarballs also include a SHA1 digest. What's the
> > >point?
> >
> > To have a check whet
* Kenneth Goldman wrote on Sun, Apr 11, 2010 at 15:36 -0400:
> owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM:
> > * Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400:
> > > I notice that the tarballs also include a SHA1 digest.
> > > What's the point?
> >
> > To have a che
owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM:
> * Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400:
> >I notice that the tarballs also include a SHA1 digest. What's the
> >point?
>
> To have a check whether the FTP download was successful to avoid
> accidentally
* Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400:
>I notice that the tarballs also include a SHA1 digest. What's the
>point?
To have a check whether the FTP download was successful to avoid
accidently using corrupt files, a file integrity check with a
checksum is quite common.
This is an openssl security meta-question.
I notice that the tarballs also include a SHA1 digest. What's the point?
1 - If anyone has authority to update the tarball with a counterfeit, can't
they also update the SHA1.
2 - The web site isn't protected by ssl (ironic). A MIM altering the
tarbal