If possible, add two more checksums for every ISO



nagual_sorcerer07
15-Sep-2014, 15:02
Hello:
I don't know if it's feasible to post here. I think three checksums for every ISO/Package would be enough. Size plus checksums enhance data integrity, and that makes it hard to do meaningful tampering.

I am not sure if I am asking too much. I think it's good for some people.

nagual_sorcerer07
15-Sep-2014, 15:07
Hey, I just saw openSUSE has 3 checksums for an ISO file. Gee... We fall behind.

jmozdzen
15-Sep-2014, 15:10
Hi nagual_sorcerer07,

> Hello:
> I don't know if it's feasible to post here. I think three checksums for every ISO/Package would be enough. Size plus checksums enhance data integrity, and that makes it hard to do meaningful tampering.
>
> I am not sure if I am asking too much. I think it's good for some people.

this is indeed no formal forum for suggestions towards SUSE - on the official page listing the checksums (https://download.suse.com/protected/Summary.jsp?buildid=Nw5At9_UZaA~ , mentioned in the other thread), you'll find a "feedback" link in the page footer, *that's* what will get the attention of those in charge of that page.

The checksums listed there are in a format that you can feed to "md5sum -c", in order to have your downloads verified automatically. Of course one could add sha1 or other checksums, too, but I doubt they would really offer enhanced security to the user.

What additional algorithms were you thinking of?

Regards,
Jens

nagual_sorcerer07
15-Sep-2014, 15:28
Hello:
I have tried Gentoo before. I copy their ideas -- SHA512 HASH, WHIRLPOOL HASH, and PGP SIGNATURE. But I think maybe sha1, SHA512 HASH, and WHIRLPOOL HASH should be enough only if there is no MitM.
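
Added example (not part of any post in this thread): a Python version of the check discussed above, comparing a download's size and several digests against published lines in the `md5sum -c` format while reading the file only once. The file name, sample content and function names are constructed for illustration; WHIRLPOOL is left out because Python's hashlib only offers it when the underlying OpenSSL build does.

```python
import hashlib
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha512")  # all three are in hashlib.algorithms_guaranteed

def parse_checksum_line(line):
    """Parse a coreutils-style line: '<hex>  <name>' (text) or '<hex> *<name>' (binary)."""
    digest, sep, name = line.rstrip("\n").partition(" ")
    if not digest or not sep or len(name) < 2 or name[0] not in " *":
        raise ValueError(f"not a checksum line: {line!r}")
    bytes.fromhex(digest)  # raises ValueError if the digest is not valid hex
    return digest.lower(), name[1:]

def digest_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Read the file once and return (size_in_bytes, {algorithm: hexdigest})."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}

def verify(path, expected_size, checksum_lines):
    """checksum_lines maps algorithm -> published line. Returns failed checks (empty = OK)."""
    size, actual = digest_file(path, tuple(checksum_lines))
    failures = [] if size == expected_size else ["size"]
    for algorithm, line in checksum_lines.items():
        digest, name = parse_checksum_line(line)
        if name != os.path.basename(path) or digest != actual[algorithm]:
            failures.append(algorithm)
    return failures

def demo():
    """Constructed sample: a small stand-in 'ISO' and the lines a mirror would publish."""
    with tempfile.TemporaryDirectory() as tmp:
        iso = os.path.join(tmp, "example.iso")
        with open(iso, "wb") as fh:
            fh.write(b"constructed sample image\n" * 1000)
        size, digests = digest_file(iso)
        published = {alg: f"{hexd}  example.iso" for alg, hexd in digests.items()}
        ok = verify(iso, size, published)
        with open(iso, "r+b") as fh:  # overwrite one byte; the size stays the same
            fh.seek(100)
            fh.write(b"X")
        tampered = verify(iso, size, published)
    return ok, tampered
```

`demo()` returns the failures for the intact file and for the modified one; the size check passes in both cases because only one byte was overwritten, so the digests are what catch the change.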