[gnupg-ru] Fw: [Announce] sha1sum for MS Windows released

Maxim Britov udjinrg forenet.by
10 09:18:06 CET 2004



Begin forwarded message:

Date: Thu, 09 Dec 2004 17:16:22 +0100
From: Werner Koch <wk  gnupg.org>
To: gnupg-announce  gnupg.org
Subject: [Announce] sha1sum for MS Windows released


Hi!

In the light of the recently found weaknesses in the MD5 hash function
we won't anymore accompany software announcements with MD5 checksums.
Instead SHA-1 checksums will be given.

All modern GNU/Linux systems are featuring a sha1sum tool, similar to
the md5sum too, so this there should be no problem checking the
checksums on these platforms.  For MS Windows no such tool is
available. To solve this problem, I wrote a simple sha1sum tool and
uploaded it along with a MS Windows binary (sha1sum.exe) to the GnuPG
ftp servers.  The source is also available and maybe used to check the
correctness or to build own binaries.  It should build on all
platforms.

There is of course a catch-22 in that you won't be able to check the
integrity of that tool without using it.  So you need to rely on other
ways of checking this tool; one possibility is to send it to a friend
and ask the friend to check the gpg signature for you.

Get it from ftp.gnupg.org at:

 ftp://ftp.gnupg.org/gcrypt/binary/sha1sum.exe  (20k)
 ftp://ftp.gnupg.org/gcrypt/binary/sha1sum.exe.sig

 ftp://ftp.gnupg.org/gcrypt/binary/sha1sum.c (9k)
 ftp://ftp.gnupg.org/gcrypt/binary/sha1sum.c.sig

Usage is:

  sha1sum <files>

This version of sha1sum does not feature the -c (--check) option so
that you have to compare the printed checksums using our own eyes.

Please note that if you already have a working GnuPG installation it
is better to check the integrity of a package using the GnuPG
generated signature which is usually in files sufficed with ".sig",
".sign", or ".asc".  Using the checksum is only way to bootstrap an
installation.  The sha1sum utility might also be useful to verify
software which does does come with a gpg signature.

Happy hacking,

  Werner


-- 
Werner Koch                                      <wk  gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org


-- 
Maxim Britov

GnuPG KeyID 0x4580A6D66F3DB1FB Keyserver hkp://keyserver.kjsl.com
Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB
  JABBER: maxbritov  jabber.ru   ICQ 198171258
-------------- next part --------------
z'mjZr+t֦y<yi'*')('j۫y({_{o+^7qJz_ڶ֜gN5]?}}u
-------------- next part --------------
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce  gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce


Gnupg-ru