Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, 9 Aug 2002, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust. md5sum is included with many linux/unix-ish/bsd/etc distributions. it's included in gnu's textutils package i think (and isn't linked against openssl). -tcl. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, 9 Aug 2002, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust. ftp://ftp.sgi.com/sgi/fax/contrib/md5.tar.gz ftp://ftp.hylafax.org/contrib/md5.tar.gz -- Tim RiceMultitalents(707) 887-1469 [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
md5 for bootstrap checksum of md5 implementations? (Re: [ANNOUNCE] OpenSSL 0.9.6f released)
John Allen's md5-in-perl?
http://www.cypherspace.org/adam/rsa/md5.html
#!/usr/bin/perl -iH9T4C`_-JXF8NMS^$#)4=@,$18%0X4!`L0%P8*#Q4``04``04#!P``
@A=unpack N4C24,unpack u,$^I;@K=map{int abs 2**32*sin$_}1..64;sub L{($x=pop)
($n=pop)|2**$n-1$x32-$n}sub M{($x=pop)-($m=1+~0)*int$x/$m}do{$l+=$r=read
STDIN,$_,64;$r++,$_.=\x80if$r64!$p++;@W=unpack V16,$_.\0x7;$W[14]=$l*8
if$r57;($a,$b,$c,$d)=@A;for(0..63){$a=M$b+L$A[4+4*($_4)+$_%4],M{(sub{$b$c
|$d~$b},sub{$b$d|$c~$d},sub{$b^$c^$d},sub{$c^($b|~$d)})[$z=$_/16]}+$W[($A[
20+$z]+$A[24+$z]*($_%16))%16]+$K[$_]+$a;($a,$b,$c,$d)=($d,$a,$b,$c)}$v=a;for(
@A[0..3]){$_=M$_+${$v++}}}while$r56;print unpack H32,pack V4,@A # RSA's MD5
You could include the code in the signed release announcement for
example.
More generally you could also type it in or visually compare it to a
printed version or something as your boot strap of trust, and keep
hash of standard linux statically of known good md5sum with the code
also. (It's quite a bit slower than md5sum, though it only takes a
couple of seconds to md5 a typical kernel with it -- eg
/boot/vmlinuz).
(See also sha1: http://www.cypherspace.org/adam/rsa/sha.html)
Adam
On Fri, Aug 09, 2002 at 10:06:41AM -0400, Rich Salz wrote:
The checksums were calculated using the following commands:
openssl md5 openssl-0.9.6f.tar.gz
openssl md5 openssl-engine-0.9.6f.tar.gz
Is there another md5/hash program that's readily available?
Cf: Thompson's reflections on trusting trust.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 10:12:52AM -0400, tc lewis wrote: On Fri, 9 Aug 2002, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust. md5sum is included with many linux/unix-ish/bsd/etc distributions. it's included in gnu's textutils package i think (and isn't linked against openssl). Indeed, as I've recently discovered, it's also bundled with cygwin. -- - Adam - Adam Fields, Managing Partner, [EMAIL PROTECTED] Surgam, Inc. is a technology consulting firm with strong background in delivering scalable and robust enterprise web and IT applications. Ask about Vignette maximization: http://www.surgam.net/vignette.html __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 10:06:41AM -0400, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust. gpg --print-md md5 (filename) David -- David Shaw | [EMAIL PROTECTED] | WWW http://www.jabberwocky.com/ +---+ There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. - Jeremy S. Anderson __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 12:35:40AM +0200, Richard Levitte - VMS Whacker wrote: -BEGIN PGP SIGNED MESSAGE- OpenSSL version 0.9.6f released === Why is the util/cygwin.sh file not in the distribution anymore? I don't find a word of that mentioned in the CHANGES file. Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
On Fri, Aug 09, 2002 at 10:01:09PM +0200, Corinna Vinschen wrote: On Fri, Aug 09, 2002 at 12:35:40AM +0200, Richard Levitte - VMS Whacker wrote: -BEGIN PGP SIGNED MESSAGE- OpenSSL version 0.9.6f released === Why is the util/cygwin.sh file not in the distribution anymore? I don't find a word of that mentioned in the CHANGES file. I've just seen that's fixed with 0.9.6g. Thanks, Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.6f released
In message [EMAIL PROTECTED] on Fri, 09 Aug 2002 10:06:41 -0400, Rich Salz [EMAIL PROTECTED] said: rsalz rsalzThe checksums were calculated using the following commands: rsalz rsalz openssl md5 openssl-0.9.6f.tar.gz rsalz openssl md5 openssl-engine-0.9.6f.tar.gz rsalz rsalz Is there another md5/hash program that's readily available? rsalz Cf: Thompson's reflections on trusting trust. md5sum on my laptop gives the same answer. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
