thr3ads.net - Gnupg announce - [Announce] sha1sum for MS Windows released [Dec 2004]

If this information is useful, please help other people find it:
Share via:

Werner Koch

2004-Dec-09 17:16 UTC

[Announce] sha1sum for MS Windows released

Hi!

In the light of the recently found weaknesses in the MD5 hash function
we won't anymore accompany software announcements with MD5 checksums.
Instead SHA-1 checksums will be given.

All modern GNU/Linux systems are featuring a sha1sum tool, similar to
the md5sum too, so this there should be no problem checking the
checksums on these platforms.  For MS Windows no such tool is
available. To solve this problem, I wrote a simple sha1sum tool and
uploaded it along with a MS Windows binary (sha1sum.exe) to the GnuPG
ftp servers.  The source is also available and maybe used to check the
correctness or to build own binaries.  It should build on all
platforms.

There is of course a catch-22 in that you won't be able to check the
integrity of that tool without using it.  So you need to rely on other
ways of checking this tool; one possibility is to send it to a friend
and ask the friend to check the gpg signature for you.

Get it from ftp.gnupg.org at:

 ftp://ftp.gnupg.org/gcrypt/binary/sha1sum.exe  (20k)
 ftp://ftp.gnupg.org/gcrypt/binary/sha1sum.exe.sig

 ftp://ftp.gnupg.org/gcrypt/binary/sha1sum.c (9k)
 ftp://ftp.gnupg.org/gcrypt/binary/sha1sum.c.sig

Usage is:

  sha1sum <files>

This version of sha1sum does not feature the -c (--check) option so
that you have to compare the printed checksums using our own eyes.

Please note that if you already have a working GnuPG installation it
is better to check the integrity of a package using the GnuPG
generated signature which is usually in files sufficed with ".sig",
".sign", or ".asc".  Using the checksum is only way to
bootstrap an
installation.  The sha1sum utility might also be useful to verify
software which does does come with a gpg signature.

Happy hacking,

  Werner


-- 
Werner Koch                                      <wk@gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : /pipermail/attachments/20041209/9fcf47cf/attachment.pgp

Reasonably Related Threads

Search for more reasonably related threads

Gnupg announce - Dec 2004 - [Announce] sha1sum for MS Windows released

[Announce] sha1sum for MS Windows released

Reasonably Related Threads

Wisdom of the Ancients