[Slackbuilds-users] MD5 hash sums

Konrad J Hambrick kjhambrick at gmail.com
Fri Aug 24 11:36:11 UTC 2018


All --

IMO ( and ITO of other SBo Customers ), The MD5SUM= field in the .info file
is to verify that the DOWNLOAD= files that you downloaded the same files
that the Maintainer downloaded.

Nothing more than that.

It is not for security -- the SBo Maintainer cannot guarantee that the
source files are secure -- that is the Upstream Developer's duty.

IOW, What Habs said.

-- kjh

On Fri, Aug 24, 2018 at 6:03 AM, <thyr at airmail.cc> wrote:

> However, you absolutely cannot assume that because the MD5 sum matches
>> that the file is in any way "safe" or was not tampered with /before/ the
>> maintainer got to it.
>>
>
> Can I assume that because MD5 sum matches that the file was not tampered
> after the maintainer got it? I believe this was the original scope of the
> thread in the first place.
>
> Quoting https://en.wikipedia.org/wiki/MD5#Preimage_vulnerability
>
> In April 2009, a preimage attack against MD5 was published that breaks
>> MD5's preimage resistance. This attack is only theoretical, ...
>>
>
> It was theoretical in 2009. The question is whether or not it was made
> practical in the past nine years? There are two possible outcomes. One: it
> was made practical and is not yet published. Two: it is still theoretical.
> Do you really want to wait until it becomes practical *and* published?
>
> _______________________________________________
> SlackBuilds-users mailing list
> SlackBuilds-users at slackbuilds.org
> https://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users
> Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/
> FAQ - https://slackbuilds.org/faq/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20180824/3d46668d/attachment.html>


More information about the SlackBuilds-users mailing list