FSUM, which is for Windows types, includes the ability to do multiple hash
algorithms, including SHA.

Brian Tipton
"This is eternal life, that they may know you, 
the only true God, and Jesus Christ whom you have sent." [John 17:3]


-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Michael A Chase
Sent: Monday, February 21, 2005 6:25 AM
To: [email protected]
Subject: [users] Re: SHA1 to replace MD5


On Mon, 21 Feb 2005 09:13:31 +0200, Nicu Buculei wrote:

> Mr. J. K M. McKean wrote:
>> MD5 "...was all but broken by a German cryptographer, Hans 
>> Dobbertin..."[1] in 1996 wrote PGP's creator and founder of PGP 
>> Corporation, Phil Zimmermann.  His application used RSA's MD5 and has 
>> changed to using SHA-1, also openly published developed by the NSA 
>> for the NIST.  I notice you use MD5 checksums on OOo downloads on 
>> your website and I recommend changing to SHA-1.
> 
> if you don't know, also SHA-1 was broken recently: 
> http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
> stronger algorithms like SHA-256 and SHA-512 are recommended.

The real question for us is whether either is strong enough for our
purposes.  Our main use for any digest is to confirm that a user has
received an uncorrupted copy of OOo.  For that purpose the CRC built into
gzip or zip is sufficient, but we use MD5 because it is easier to explain
how to run one program (md5sum) rather than first guessing what program the
user has for .zip archives and then explaining how to use its test options.

sha1sum is part of most GNU/Linux distributions, but I could only find one
source for sha1sum in MSWin when I googled recently.

If someone with ill intent wanted to replace a good copy of OOo with a bad
one, cryptographic attack on the digest is the least of our worries. It
would cost a lot less to subvert whoever is building the distribution
packages.

-- 
Mac :})
One OS to rule them all / One OS to find them,
One OS to bring them all / and in the darkness bind them,
In Redmond, where the shadows lie.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
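
The download check discussed in this thread, as an added example that is not part of the original messages: it verifies a file against a checksum line in the `<hex>  <name>` layout that md5sum and sha1sum print, and covers the SHA-256 and SHA-512 digests mentioned above as well. Inferring the algorithm from the digest length, the function names and the sample payload are assumptions of this example.

```python
# Added example: verify a file against an md5sum/sha1sum-style checksum line.
import hashlib
import hmac
import os
import tempfile

# Assumption of this example: the hex digest length identifies the algorithm.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def parse_checksum_line(line):
    """Split '<hex>  <name>' or '<hex> *<name>' into (algo, digest, name)."""
    digest, sep, name = line.rstrip("\r\n").partition(" ")
    if not sep or not name or name[0] not in " *":
        raise ValueError("not a checksum line: %r" % line)
    digest = digest.lower()
    algo = ALGO_BY_HEX_LEN.get(len(digest))
    if algo is None or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("unrecognised digest: %r" % digest)
    return algo, digest, name[1:]

def file_digest(path, algo, chunk_size=1 << 16):
    """Hash the file in chunks so a large installer need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, checksum_line):
    """Return (algo, ok) for the file at `path` against one checksum line."""
    algo, expected, _name = parse_checksum_line(checksum_line)
    return algo, hmac.compare_digest(file_digest(path, algo), expected)

def demo():
    """Constructed sample: a stand-in download checked before and after damage."""
    data = b"constructed sample payload, not a real OOo package\n" * 1000
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(data)
        lines = {a: "%s  sample.bin" % hashlib.new(a, data).hexdigest()
                 for a in ("md5", "sha1", "sha256")}
        good = {a: verify(path, line) for a, line in lines.items()}
        with open(path, "r+b") as fh:  # overwrite one byte to simulate corruption
            fh.seek(100)
            fh.write(b"X")
        bad = {a: verify(path, line) for a, line in lines.items()}
    return good, bad
```

A matching digest only shows that the file equals the one the checksum line was computed from; it says nothing about who produced that line.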