[Bug 777440] New: please provide secure checksums/hashes for DVD images and RPM headers.
https://bugzilla.novell.com/show_bug.cgi?id=777440 https://bugzilla.novell.com/show_bug.cgi?id=777440#c0 Summary: please provide secure checksums/hashes for DVD images and RPM headers. Classification: openSUSE Product: openSUSE 12.2 Version: RC 2 Platform: All OS/Version: openSUSE 12.2 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: estellnb@elstel.org QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:14.0) Gecko/20100101 Firefox/14.0.1 The DVD-isos still lack secure checksums (SHA-256/512): MD5 is cracked since 2004 and even against SHA alledged attacks are possible (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html). My wish would be to use the strongest available algorithm: SHA-512. You can keep the MD5s to verify against download errors and additionally provide SHA-512s for security checking against birthday attacks. It would also be very kind to have secure checksums for the files in the RPM header. Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=777440
https://bugzilla.novell.com/show_bug.cgi?id=777440#c1
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=777440
https://bugzilla.novell.com/show_bug.cgi?id=777440#c2
--- Comment #2 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=777440
https://bugzilla.novell.com/show_bug.cgi?id=777440#c3
Elmar Stellnberger
participants (1)
-
bugzilla_noreply@novell.com