Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, 9 Aug 2002, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust. md5sum is included with many linux/unix-ish/bsd/etc distributions. it's included in gnu's textutils package i think (and isn't linked against openssl). -tcl. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, 9 Aug 2002, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust. ftp://ftp.sgi.com/sgi/fax/contrib/md5.tar.gz ftp://ftp.hylafax.org/contrib/md5.tar.gz -- Tim RiceMultitalents(707) 887-1469 [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
md5 for bootstrap checksum of md5 implementations? (Re: [ANNOUNCE] OpenSSL 0.9.6f released)
John Allen's md5-in-perl? http://www.cypherspace.org/adam/rsa/md5.html #!/usr/bin/perl -iH9T4C`_-JXF8NMS^$#)4=@,$18%0X4!`L0%P8*#Q4``04``04#!P`` @A=unpack N4C24,unpack u,$^I;@K=map{int abs 2**32*sin$_}1..64;sub L{($x=pop) ($n=pop)|2**$n-1$x32-$n}sub M{($x=pop)-($m=1+~0)*int$x/$m}do{$l+=$r=read STDIN,$_,64;$r++,$_.=\x80if$r64!$p++;@W=unpack V16,$_.\0x7;$W[14]=$l*8 if$r57;($a,$b,$c,$d)=@A;for(0..63){$a=M$b+L$A[4+4*($_4)+$_%4],M{(sub{$b$c |$d~$b},sub{$b$d|$c~$d},sub{$b^$c^$d},sub{$c^($b|~$d)})[$z=$_/16]}+$W[($A[ 20+$z]+$A[24+$z]*($_%16))%16]+$K[$_]+$a;($a,$b,$c,$d)=($d,$a,$b,$c)}$v=a;for( @A[0..3]){$_=M$_+${$v++}}}while$r56;print unpack H32,pack V4,@A # RSA's MD5 You could include the code in the signed release announcement for example. More generally you could also type it in or visually compare it to a printed version or something as your boot strap of trust, and keep hash of standard linux statically of known good md5sum with the code also. (It's quite a bit slower than md5sum, though it only takes a couple of seconds to md5 a typical kernel with it -- eg /boot/vmlinuz). (See also sha1: http://www.cypherspace.org/adam/rsa/sha.html) Adam On Fri, Aug 09, 2002 at 10:06:41AM -0400, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 10:12:52AM -0400, tc lewis wrote: On Fri, 9 Aug 2002, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust. md5sum is included with many linux/unix-ish/bsd/etc distributions. it's included in gnu's textutils package i think (and isn't linked against openssl). Indeed, as I've recently discovered, it's also bundled with cygwin. -- - Adam - Adam Fields, Managing Partner, [EMAIL PROTECTED] Surgam, Inc. is a technology consulting firm with strong background in delivering scalable and robust enterprise web and IT applications. Ask about Vignette maximization: http://www.surgam.net/vignette.html __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 10:06:41AM -0400, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust. gpg --print-md md5 (filename) David -- David Shaw | [EMAIL PROTECTED] | WWW http://www.jabberwocky.com/ +---+ There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. - Jeremy S. Anderson __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 12:35:40AM +0200, Richard Levitte - VMS Whacker wrote: -BEGIN PGP SIGNED MESSAGE- OpenSSL version 0.9.6f released === Why is the util/cygwin.sh file not in the distribution anymore? I don't find a word of that mentioned in the CHANGES file. Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 10:01:09PM +0200, Corinna Vinschen wrote: On Fri, Aug 09, 2002 at 12:35:40AM +0200, Richard Levitte - VMS Whacker wrote: -BEGIN PGP SIGNED MESSAGE- OpenSSL version 0.9.6f released === Why is the util/cygwin.sh file not in the distribution anymore? I don't find a word of that mentioned in the CHANGES file. I've just seen that's fixed with 0.9.6g. Thanks, Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
In message [EMAIL PROTECTED] on Fri, 09 Aug 2002 10:06:41 -0400, Rich Salz [EMAIL PROTECTED] said: rsalz rsalzThe checksums were calculated using the following commands: rsalz rsalz openssl md5 openssl-0.9.6f.tar.gz rsalz openssl md5 openssl-engine-0.9.6f.tar.gz rsalz rsalz Is there another md5/hash program that's readily available? rsalz Cf: Thompson's reflections on trusting trust. md5sum on my laptop gives the same answer. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]