Why do you ask this every release?
Why wasn't the answer last time good enough for you?
On Tue, May 08, 2007 at 02:35:37AM +0200, Sebastian Rother wrote:
Guys if you realy care about security why does nobody asks about
using gzsig.
Even useable for the packages...
Kind regards,
On Tue, 8 May 2007 07:28:32 -0500
Marco Peereboom [EMAIL PROTECTED] wrote:
Why do you ask this every release?
Why wasn't the answer last time good enough for you?
You missed the point.
I didn`t asked but mentioned gzsig as alternativ to MD5-Hashes and
other things wich are mentioned in the
2007/5/7, Adam Hawes [EMAIL PROTECTED]:
MD5 is proven weak. It's possible to take almost any file and its
MD5 then create an identically sized file with the same hash in a
reasonable time. This can be used to pass out an arbitrary CD
image that completely trashes the contents of your hard
On Mon, May 07, 2007 at 11:57:50AM +0200, Martin Schr?der wrote:
2007/5/7, Adam Hawes [EMAIL PROTECTED]:
MD5 is proven weak. It's possible to take almost any file and its
MD5 then create an identically sized file with the same hash in a
reasonable time. This can be used to pass out an
On 5/7/07, Tobias Ulmer [EMAIL PROTECTED] wrote:
Btw, pgp requires a working web of trust, it's not secure just because
you can sign something.
Joe Cracker can easily generate a key with Theo de Raadt [EMAIL PROTECTED]
and provides you with signed filesets. Who steps up to organise key
signing
Guys if you realy care about security why does nobody asks about
using gzsig.
Even useable for the packages...
Kind regards,
Sebastian
Um, can you site a single *real world* example of where md5 sums
have been co-opted in any way? Yes, md5 now has a weakness, but
really, are there any cases of anyone having actually exploited it?
It's that kind of attitude that is responsible for probably more than
half of the breaches that
On 5/6/07, Adam Hawes [EMAIL PROTECTED] wrote:
Um, can you site a single *real world* example of where md5 sums
have been co-opted in any way? Yes, md5 now has a weakness, but
really, are there any cases of anyone having actually exploited it?
That is not my point. My point is that if MD5
Open Phugu wrote:
From a project that has always placed security before
everything, I do not understand the motivation behind not using a secure
algorithm such as SHA-256 or SHA-512.
Maybe they just understand the security implications better than you do.
---
Lars Hansson
Open Phugu wrote:
On 5/6/07, Adam Hawes [EMAIL PROTECTED] wrote:
Um, can you site a single *real world* example of where md5 sums
have been co-opted in any way? Yes, md5 now has a weakness, but
really, are there any cases of anyone having actually exploited it?
That is not my point. My
Just out of curiosity...
Is it logical to use an OS for the intense focus on security and
correctness, yet download the binaries from a random person on a mailing
list instead of any official source with reasonable file integrity
checking process in place?
From:
On Sat, May 05, 2007 at 12:43:34PM +0200, Justin Smith wrote:
Just out of curiosity...
Is it logical to use an OS for the intense focus on security and
correctness, yet download the binaries from a random person on a mailing
list instead of any official source with reasonable file
Speaking of this, when will the OpenBSD project begin to post SHA256
hashes
to the ftp sites. MD5 is dead: these two files are different and yet
have the same
MD5 hash.
http://www.cits.rub.de/imperia/md/content/magnus/letter_of_rec.ps
On Fri, May 04, 2007 at 10:34:33AM -0400, John Fiore wrote:
| Speaking of this, when will the OpenBSD project begin to post SHA256
| hashes
| to the ftp sites. MD5 is dead: these two files are different and yet
| have the same
| MD5 hash.
|
On 2007/05/04 17:03, Paul de Weerd wrote:
Dont forget that they should also be valid gzip'ed tar archives
that makes things *significantly* easier:
valid gzip + random crap = valid gzip
On 5/4/07, John Fiore [EMAIL PROTECTED] wrote:
Speaking of this, when will the OpenBSD project begin to post SHA256
hashes
to the ftp sites. MD5 is dead: these two files are different and yet
have the same
MD5 hash.
http://www.cits.rub.de/imperia/md/content/magnus/letter_of_rec.ps
Great. Could you please show me the link to files that have the same
length
and MD5 as those in the 4.1 release?
That means nothing. If the OpenBSD project used a CRC16 to verify
integrity,
your argument would still hold.
I wasn't aware that I made an argument. I simply asked a
On Friday 04 May 2007 13:46:12 Open Phugu wrote:
On 5/4/07, John Fiore [EMAIL PROTECTED] wrote:
Speaking of this, when will the OpenBSD project begin to post SHA256
hashes
to the ftp sites. MD5 is dead: these two files are different and yet
have the same
MD5 hash.
On 5/4/07, John Fiore [EMAIL PROTECTED] wrote:
Your point is taken, however, can you illustrate the threat against which
the stronger hash is to protect? If the threat is that someone will
redirect you to a fake openbsd.org (through DNS cache poisoning, etc.), the
stronger hash offers no
If you participate on this list, buy the cds. This isn't your flavor of the
week linux distro.
On 5/2/07, Matiss Miglans [EMAIL PROTECTED] wrote:
I think there is checksums only for base system, without X, source,
ports, packages, etc
Or, I don't know where they find.
Open Phugu wrote:
Hello!
On Tue, May 01, 2007 at 02:33:50PM -0700, andrew fresh wrote:
Probably everyone knows already, but I just wanted to get the word out
that there are OpenBSD 4.1 torrents now on the torrent site:
http://openbsd.somedomain.net/index.php?version=4.1
So far they are mostly just the files off
just remember to make a donation to the OpenBSD project if you chose to
acquire OpenBSD via any download site.
g.day
diana
On Tue, May 01, 2007 at 02:33:50PM -0700, andrew fresh wrote:
Probably everyone knows already, but I just wanted to get the word out
that there are OpenBSD 4.1 torrents now on the torrent site:
http://openbsd.somedomain.net/index.php?version=4.1
So far they are mostly just the files off
On Wed, May 02, 2007 at 08:07:10PM -0400, Clint M. Sand wrote:
On Tue, May 01, 2007 at 02:33:50PM -0700, andrew fresh wrote:
http://openbsd.somedomain.net/index.php?version=4.1
Just out of curiosity...
Is it logical to use an OS for the intense focus on security and
correctness, yet
On 5/2/07, Mike Erdely [EMAIL PROTECTED] wrote:
On Wed, May 02, 2007 at 08:07:10PM -0400, Clint M. Sand wrote:
On Tue, May 01, 2007 at 02:33:50PM -0700, andrew fresh wrote:
http://openbsd.somedomain.net/index.php?version=4.1
Just out of curiosity...
Is it logical to use an OS for the
I think there is checksums only for base system, without X, source,
ports, packages, etc
Or, I don't know where they find.
Open Phugu wrote:
On 5/2/07, Mike Erdely [EMAIL PROTECTED] wrote:
On Wed, May 02, 2007 at 08:07:10PM -0400, Clint M. Sand wrote:
On Tue, May 01, 2007 at 02:33:50PM
Probably everyone knows already, but I just wanted to get the word out
that there are OpenBSD 4.1 torrents now on the torrent site:
http://openbsd.somedomain.net/index.php?version=4.1
So far they are mostly just the files off of the CDs, but as I get
synced up, the package torrents will update
27 matches
Mail list logo