MD5 #18
Comments
|
@MarkRijckenberg Thanks for the report, it may be that this issue is a duplicate of #6 which also mentions the requirement of sha256sum and the need for a canonical checksum reference. As for sourceforge only publishing the SHA1 and MD5 via their 'i' "View details" icon, is that not a issue to take up with them? I don't think we have control over that. However it might be a good idea to upload / update an md5sum.txt and sha256.txt whenever their is a new iso release. On the torrent file side there is an updated link to a torrent download file, as well as a link to the sourceforge latest file on the Download page of http://rockstor.com/ ie: http://rockstor.com/download.html Apologies if I have missed your point in my response here. Thanks for highlighting this issue. |
|
I understand. In that case, would it be possible to add the SHA256 and SHA512 checksums of the .iso image here? http://rockstor.com/download.html It might also be a good idea to create a .torrent file containing the following files to make it even harder to tamper with those checksums:
|
|
I also think that checksum code is required on the download page. |
Hi!
I was wondering if you could replace all the MD5 checksums with SHA256 checksums on the following website in order to avoid collision attacks?
https://sourceforge.net/projects/rockstor/files/
MD5 is cryptographically broken and vulnerable to collision attacks since at least 2004.
https://en.wikipedia.org/wiki/MD5
It would be even better to include links to Bittorrent files which include the SHA256 checksums in the Bittorrent file itself.
Kind regards,
Mark Rijckenberg
The text was updated successfully, but these errors were encountered: