Date: Sun, 26 Aug 2012 20:42:10 GMT From: Elmar Stellnberger <estellnb@elstel.rivido.de> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/171095: provide secure hashes for downloadable isos & ports packages Message-ID: <201208262042.q7QKgA46029151@red.freebsd.org> Resent-Message-ID: <201208262050.q7QKo43O065575@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 171095 >Category: misc >Synopsis: provide secure hashes for downloadable isos & ports packages >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Aug 26 20:50:03 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Elmar Stellnberger >Release: packages-9.0-release >Organization: >Environment: >Description: It would be very kind of you to provide secure hashes for the ports packages as well as downloadable isos. MD5 is cracked since 2004 and even against SHA alledged attacks are possible (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html). My wish would be to use the strongest available algorithm: SHA-512. Why not keep the MD5s to verify against download errors and additionally have SHA-512s for security against birthday attacks (afaa). -> ftp.freebsd.org/pub/FreeBSD/ports/*arch*/packages-X.Y-release/All/CHECKSUM.SHA-512 >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208262042.q7QKgA46029151>