Re: Openssl tarball SHA1 checksum

2010-04-12 Thread Michael S. Zick
On Sun April 11 2010, Kenneth Goldman wrote: > owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM: > > > * Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400: > > >I notice that the tarballs also include a SHA1 digest. What's the > > >point? > > > > To have a check whet

Re: Openssl tarball SHA1 checksum

2010-04-12 Thread Steffen DETTMER
* Kenneth Goldman wrote on Sun, Apr 11, 2010 at 15:36 -0400: > owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM: > > * Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400: > > > I notice that the tarballs also include a SHA1 digest. > > > What's the point? > > > > To have a che

Re: Openssl tarball SHA1 checksum

2010-04-12 Thread Kenneth Goldman
owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM: > * Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400: > >I notice that the tarballs also include a SHA1 digest. What's the > >point? > > To have a check whether the FTP download was successful to avoid > accidentally

Re: Openssl tarball SHA1 checksum

2010-04-11 Thread Steffen DETTMER
* Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400: >I notice that the tarballs also include a SHA1 digest. What's the >point? To have a check whether the FTP download was successful to avoid accidently using corrupt files, a file integrity check with a checksum is quite common.

Openssl tarball SHA1 checksum

2010-04-10 Thread Kenneth Goldman
This is an openssl security meta-question. I notice that the tarballs also include a SHA1 digest. What's the point? 1 - If anyone has authority to update the tarball with a counterfeit, can't they also update the SHA1. 2 - The web site isn't protected by ssl (ironic). A MIM altering the tarbal