John Allen's md5-in-perl? http://www.cypherspace.org/adam/rsa/md5.html
#!/usr/bin/perl -iH9T4C`>_-JXF8NMS^$#)4=@<,$18%"0X4!`L0%P8*#Q4``04``04#!P`` @A=unpack N4C24,unpack u,$^I;@K=map{int abs 2**32*sin$_}1..64;sub L{($x=pop) <<($n=pop)|2**$n-1&$x>>32-$n}sub M{($x=pop)-($m=1+~0)*int$x/$m}do{$l+=$r=read STDIN,$_,64;$r++,$_.="\x80"if$r<64&&!$p++;@W=unpack V16,$_."\0"x7;$W[14]=$l*8 if$r<57;($a,$b,$c,$d)=@A;for(0..63){$a=M$b+L$A[4+4*($_>>4)+$_%4],M&{(sub{$b&$c |$d&~$b},sub{$b&$d|$c&~$d},sub{$b^$c^$d},sub{$c^($b|~$d)})[$z=$_/16]}+$W[($A[ 20+$z]+$A[24+$z]*($_%16))%16]+$K[$_]+$a;($a,$b,$c,$d)=($d,$a,$b,$c)}$v=a;for( @A[0..3]){$_=M$_+${$v++}}}while$r>56;print unpack H32,pack V4,@A # RSA's MD5 You could include the code in the signed release announcement for example. More generally you could also type it in or visually compare it to a printed version or something as your boot strap of trust, and keep hash of standard linux statically of known good md5sum with the code also. (It's quite a bit slower than md5sum, though it only takes a couple of seconds to md5 a typical kernel with it -- eg /boot/vmlinuz). (See also sha1: http://www.cypherspace.org/adam/rsa/sha.html) Adam On Fri, Aug 09, 2002 at 10:06:41AM -0400, Rich Salz wrote: > > > The checksums were calculated using the following commands: > > > > openssl md5 < openssl-0.9.6f.tar.gz > > openssl md5 < openssl-engine-0.9.6f.tar.gz > > Is there another md5/hash program that's readily available? > Cf: Thompson's reflections on trusting trust. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]