>Number: 171095 >Category: misc >Synopsis: provide secure hashes for downloadable isos & ports packages >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Aug 26 20:50:03 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Elmar Stellnberger >Release: packages-9.0-release >Organization: >Environment: >Description: It would be very kind of you to provide secure hashes for the ports packages as well as downloadable isos. MD5 is cracked since 2004 and even against SHA alledged attacks are possible (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html). My wish would be to use the strongest available algorithm: SHA-512. Why not keep the MD5s to verify against download errors and additionally have SHA-512s for security against birthday attacks (afaa).
-> ftp.freebsd.org/pub/FreeBSD/ports/*arch*/packages-X.Y-release/All/CHECKSUM.SHA-512 >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
