[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: checking system integrity



On Sun, Feb 11, 2001 at 10:44:35AM +1100, Peter Eckersley wrote:

> Perhaps you would be better off using SHA-1, which is regarded as a
> more secure alternative.  IIRC, there is a patent on SHA-1 which allows
> for its use in, eg, free software (somebody correct me if this is
> wrong?)

OpenBSD includes a sha1 utility which works the same way as md5sum, so
apparently sha1 is at the very least usable in Free Software...  

(everything in the OpenBSD /usr/ports collection has all three of md5,
sha1 and ripe160 (or whatever its called) hashes saved for the
upstream tarball that will be downloaded.  all three are verified
before the port is built. )

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpTGffGB4cKO.pgp
Description: PGP signature


Reply to: