|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] [XCP] Authenticty of XCP installation image.
Hi. Thank you for your answer however it is not enough... http://en.wikipedia.org/wiki/Md5#Security I believe md5 should not be used any more for security related purposes. These days computing a sha256 or at least sha1 should be used. Even sha1 was phased out by US gov in the 2010... Also plain email or http is not a secure way of communicating hash because it could easily be altered by malicious routers or ISP... Solutions to this is either serving the hash over secure connection like ssl/tls (httpS) or signing a file cryptographically like using pgp/gnupg. Thank you for trying to help... On 4/21/12, Outback Dingo <outbackdingo@xxxxxxxxx> wrote: > On Fri, Apr 20, 2012 at 4:56 AM, MichaÅ KaraÅ <mkosmita@xxxxxxxxx> wrote: >> Hi. >> >> How do I verify authenticity and integrity of downloaded XCP installation >> iso? >> I cannot find any digital signature or any page serving cryptographic >> hash over a secure connection. The download is also not available over >> httpS... >> > > Wow no too paranoid...... md5sum d80538645c4b3c8db8a3ec3e7c2546c2 > 53341/XCP-1.5-beta-base-53341.iso > >> Please help. >> >> _______________________________________________ >> Xen-users mailing list >> Xen-users@xxxxxxxxxxxxx >> http://lists.xen.org/xen-users > _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |