[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using sha512 checksum for default in CD/verify page

Le 25/09/2016 à 22:02, Holger Wansing a écrit :
> Hi,
> Stéphane Blondon <stephane.blondon@gmail.com> wrote:
>>  To validate the contents of a CD image, just be sure to use the
>>  appropriate checksum tool.
>> -For older archived CD releases, only MD5 checksums were generated in
>> -the <code>MD5SUMS</code> files; you should use the tool
>> -<code>md5sum</code> to work with these.
>> -For newer releases, newer and cryptographically stronger checksum
>> -algorithms (SHA1, SHA256 and SHA512) are used, and there are equivalent
>> -tools available to work with these.
>> +For recent releases, cryptographically strong checksum
>> +algorithms (SHA256 and SHA512) are used; you should use the tools
>> +<code>sha256sum</code> or <code>sha512sum</code> to work with these.
>> +For older archived CD releases, if only MD5 checksums were generated in
>> +the <code>MD5SUMS</code> files, you should use the tool
>> +<code>md5sum</code>.
>>  </p>
> For the second sentence, maybe better use something like:
> For older archived CD releases you will probably have to use the 
> <code>md5sum</code> tool, since only MD5 checksums might have been 
> generated for that releases.

After checking in the archive, MD5 checksum only is for very old releases:

v.7: SHA512, SHA256, SHA1, MD5
v.6: SHA512, SHA256, SHA1, MD5
v.5: SHA1, MD5
v.4: SHA1, MD5
v.3.1: MD5

So what do you think about:

For CD releases older than Debian 6, you have to use the
<code>sha1sum</code> or <code>md5sum</code> tools, depending which
checksums have been generated for that releases.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: