Linux system compromised by backdoor Trojan
Re: Linux system compromised by backdoor Trojan
I'm not an expert on cryptography, but there are reports that say MD5 is weak, and SHA-2 is recommended. What is your opinion Zarel?
"Speak when you are angry and you will make the best speech you will ever regret."
-- Ambrose Bierce
-- Ambrose Bierce
Re: Linux system compromised by backdoor Trojan
MD5 is vulnerable to collision attacks.j0shdrunk0nwar wrote:I'm not an expert on cryptography, but there are reports that say MD5 is weak, and SHA-2 is recommended. What is your opinion Zarel?
Once you publish the MD5 hash of a file constructed with no malicious intent, it can't be attacked with collision attacks, only preimage attacks, which MD5 is not vulnerable to.
There are certain things MD5 is weak against, but for the majority of purposes we use it for, MD5 is just fine.
We as a society need a newer hash standard, and SHA-3 will be that standard, but MD5 is currently good enough.
Re: Linux system compromised by backdoor Trojan
Good to know, thanks Zarel..
"Speak when you are angry and you will make the best speech you will ever regret."
-- Ambrose Bierce
-- Ambrose Bierce
- Corporal Punishment
- Trained
- Posts: 291
- Joined: 28 Aug 2009, 12:29
Re: Linux system compromised by backdoor Trojan
How about opening a notification window after clicking the download link that shows the MD5 checksum for the respective file along with a link to the MD5 documentation?Zarel wrote:But we often have two download buttons next to each other - see the Mac OS X version on the Download page, or the Videos. Where would we put the MD5 then?j0shdrunk0nwar wrote:P.S: Personally, I would prefer the checksum displayed, to the right of the Download button for the game.. But it's your call..
Qui desiderat pacem bellum praeparat
Flavius Vegetius Renatus, De re militari
Flavius Vegetius Renatus, De re militari
Re: Linux system compromised by backdoor Trojan
Well, SF download page opens in a new tab, which hides notifications on Download page, you can't place them on SF pre-download page, and JS popups and alerts are annoying and often get blocked.Corporal Punishment wrote:How about opening a notification window after clicking the download link that shows the MD5 checksum for the respective file along with a link to the MD5 documentation?
Re: Linux system compromised by backdoor Trojan
would be a neat feature but.. how many of you people compared the checksums before extracting gz's?
i never did beside at work machines (where i had to)
i never did beside at work machines (where i had to)
Stuff: My Music - Game Hosting Guide
Coding: New Lobbyserver - Needs suggestions
Maps: Bridgebattle - FightClub
Coding: New Lobbyserver - Needs suggestions
Maps: Bridgebattle - FightClub
Re: Linux system compromised by backdoor Trojan
This. There really aren't very many places to put an MD5. I was thinking about a mouseover thing, but that's way too much attention to draw to something that 80% of users have no idea what it is, and 19% know what it is and don't care.KukY wrote:Well, SF download page opens in a new tab, which hides notifications on Download page, you can't place them on SF pre-download page, and JS popups and alerts are annoying and often get blocked.
Re: Linux system compromised by backdoor Trojan
Most people just put up a text file with the md5 checksum in it.There really aren't very many places to put an MD5.
Re: Linux system compromised by backdoor Trojan
Or we could just lobby Sourceforge to support the Content-MD5 header or whatever it's called.
- BlueMaxima
- Trained
- Posts: 431
- Joined: 05 Jun 2008, 09:20
- Location: Sydney, Australia
- Contact:
Re: Linux system compromised by backdoor Trojan
Good luck with that.Zarel wrote:Or we could just lobby Sourceforge to support the Content-MD5 header or whatever it's called.
Bring back...ducks!
Re: Linux system compromised by backdoor Trojan
Just a way the Linux Mint folks implemented it on their website
http://www.linuxmint.com/edition.php?id=52
http://www.linuxmint.com/edition.php?id=52
"Speak when you are angry and you will make the best speech you will ever regret."
-- Ambrose Bierce
-- Ambrose Bierce
Re: Linux system compromised by backdoor Trojan
Nice, but would take tooo much space.j0shdrunk0nwar wrote:Just a way the Linux Mint folks implemented it on their website
http://www.linuxmint.com/edition.php?id=52