Hello:
I don’t know if it’s feasible to post here. I think three checksums for every ISO/Package would be enough. Size Plus checksums enhance data integrity and that make it hard to make meaningful tampering.
I am not sure if I am asking too much. I think it's good for some people.Hey, I just saw openSUSE has 3 checksums for a ISO file. Gee…We fall behind.
Hi nagual_sorcerer07,
[QUOTE=nagual_sorcerer07;23616]Hello:
I don’t know if it’s feasible to post here. I think three checksums for every ISO/Package would be enough. Size Plus checksums enhance data integrity and that make it hard to make meaningful tampering.
I am not sure if I am asking too much. I think it's good for some people.[/QUOTE]
this is indeed no formal forum for suggestions towards SUSE - on the official page listing the checksums (https://download.suse.com/protected/Summary.jsp?buildid=Nw5At9_UZaA~ , mentioned in the other thread), you’ll find a “feedback” link in the page footer, that’s what will get attention of those in charge of that page.
The checksums listed there are in a format that you can feed to “md5sum -c”, in order to have your downloads verified automatically. Of course one could add sha1 or other checksums, too, but I doubt they would really offer enhanced security to the user.
What additional algorithms were you thinking of?
Regards,
Jens
Hello:
I ever tried Gentoo before. I copy their ideas – SHA512 HASH, WHIRLPOOL HASH
, and PGP SIGNATURE. But I think maybe sha1, SHA512 HASH, and WHIRLPOOL HASH
should be enough only if there is no MitM.