Linux system compromised by backdoor Trojan

[JDW]

I'm not an expert on cryptography, but there are reports that say MD5 is weak, and SHA-2 is recommended. What is your opinion Zarel?

[Zarel]

I'm not an expert on cryptography, but there are reports that say MD5 is weak, and SHA-2 is recommended. What is your opinion Zarel?

MD5 is vulnerable to collision attacks.

Once you publish the MD5 hash of a file constructed with no malicious intent, it can't be attacked with collision attacks, only preimage attacks, which MD5 is not vulnerable to.

There are certain things MD5 is weak against, but for the majority of purposes we use it for, MD5 is just fine.

We as a society need a newer hash standard, and SHA-3 will be that standard, but MD5 is currently good enough.

[JDW]

Good to know, thanks Zarel..

[Corporal Punishment]

P.S: Personally, I would prefer the checksum displayed, to the right of the Download button for the game.. But it's your call..

But we often have two download buttons next to each other - see the Mac OS X version on the Download page, or the Videos. Where would we put the MD5 then?

How about opening a notification window after clicking the download link that shows the MD5 checksum for the respective file along with a link to the MD5 documentation?

[KukY]

How about opening a notification window after clicking the download link that shows the MD5 checksum for the respective file along with a link to the MD5 documentation?

Well, SF download page opens in a new tab, which hides notifications on Download page, you can't place them on SF pre-download page, and JS popups and alerts are annoying and often get blocked.

[m1ndgames]

would be a neat feature but.. how many of you people compared the checksums before extracting gz's?

i never did beside at work machines (where i had to)

[Zarel]

Well, SF download page opens in a new tab, which hides notifications on Download page, you can't place them on SF pre-download page, and JS popups and alerts are annoying and often get blocked.

This. There really aren't very many places to put an MD5. I was thinking about a mouseover thing, but that's way too much attention to draw to something that 80% of users have no idea what it is, and 19% know what it is and don't care.

[stiv]

There really aren't very many places to put an MD5.

Most people just put up a text file with the md5 checksum in it.

[Zarel]

Or we could just lobby Sourceforge to support the Content-MD5 header or whatever it's called.

[BlueMaxima]

Or we could just lobby Sourceforge to support the Content-MD5 header or whatever it's called.

Good luck with that.

[JDW]

Just a way the Linux Mint folks implemented it on their website

http://www.linuxmint.com/edition.php?id=52

[KukY]

Just a way the Linux Mint folks implemented it on their website

http://www.linuxmint.com/edition.php?id=52

Nice, but would take tooo much space.