DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 21st April 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default SHA256 replaces MD5 in OpenBSD snapshots

A note for OpenBSD snapshot trackers

Since a few days ago the OpenBSD snapshots use sha256 for checksumming instead of md5.
Code:
       96413 Apr 20 13:20 INSTALL.i386
       22356 Apr 20 13:21 INSTALL.linux
        2162 Apr 20 13:21 SHA256
    48264705 Apr 20 13:21 base45.tgz
     6726973 Apr 20 13:21 bsd
     6746319 Apr 20 13:21 bsd.mp
     5657948 Apr 20 13:21 bsd.rd
     5775360 Apr 20 13:21 cd45.iso
       44724 Apr 20 13:21 cdboot
        2048 Apr 20 13:21 cdbr
     3012608 Apr 20 13:21 cdemu45.iso
    90059567 Apr 20 13:21 comp45.tgz
      513503 Apr 20 13:21 etc45.tgz
     1474560 Apr 20 13:21 floppy45.fs
     1474560 Apr 20 13:21 floppyB45.fs
     1474560 Apr 20 13:21 floppyC45.fs
     2619863 Apr 20 13:21 game45.tgz
         269 Apr 20 13:21 index.txt
   240404480 Apr 20 13:21 install45.iso
     8236755 Apr 20 13:20 man45.tgz
     2935082 Apr 20 13:20 misc45.tgz
       53276 Apr 20 13:21 pxeboot
    10010661 Apr 19 22:46 xbase45.tgz
       68991 Apr 19 22:46 xetc45.tgz
    35580333 Apr 19 22:46 xfont45.tgz
    19912164 Apr 19 22:46 xserv45.tgz
     2839793 Apr 19 22:46 xshare45.tgz
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 21st April 2009
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

I just read about this, marc.info has been done for a few days.. so I had some catching up to do.

In the long run, SHA256 hashes are much better.. not that I think MD5 is totally useless.
Reply With Quote
  #3   (View Single Post)  
Old 6th May 2009
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

In context, the move to SHA256 from SHA-1 (128) is probably intended to decrease the likelihood of a hash collision, readers may find the following link of interest on approved crypto strengths and crypto-material-at-key-strength retention periods.

http://www.cse-cst.gc.ca/documents/publications/itsa-asti/itsa11d-eng.pdf

Accordingly, SHA-1, as a crypto component, is disallowed as of 2008/12 by the above Canadian govt standards.

It's interesting to see what algorithms and key-strengths are deprecating in 2010.

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Reply With Quote
  #4   (View Single Post)  
Old 6th May 2009
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

Just an added bonus, the new SHA256 hash file contains the xenocara sets now.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:52 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick