misc/171095: provide secure hashes for downloadable isos & ports packages

Elmar Stellnberger estellnb at elstel.rivido.de
Sun Aug 26 20:50:04 UTC 2012


>Number:         171095
>Category:       misc
>Synopsis:       provide secure hashes for downloadable isos & ports packages
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 26 20:50:03 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Elmar Stellnberger
>Release:        packages-9.0-release
>Organization:
>Environment:
>Description:
  It would be very kind of you to provide secure hashes for the ports packages as well as downloadable isos. MD5 is cracked since 2004 and even against  SHA alledged attacks are possible (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html). My wish would be to use the strongest available algorithm: SHA-512. Why not keep the MD5s to verify against download errors and additionally have SHA-512s for security against birthday attacks (afaa).

-> ftp.freebsd.org/pub/FreeBSD/ports/*arch*/packages-X.Y-release/All/CHECKSUM.SHA-512
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list