A little problem verifying an hash

UEFg Karuna uefgkaruna at gmail.com
Fri Apr 7 22:36:29 CEST 2017

Hello list,

I downloaded the installer of the last windows version of gnupg along with
its signature (i.e. gnupg-w32-2.1.20_20170403.exe. and
gnupg-w32-2.1.20_20170403.exe.sig respectively) from the ftp server, then I
proceeded to verify the SHA-1 of the executable and it matched (just
because I'm feeling paranoid, is 69308ee80699ebb48a055963418597767a76d1d8

Out of curiosity I then wanted to check if the .sig hash matched using all
the hashing tools I have (since at this time I don't have gnupg installed,
this is just a mean to say that the hashing tools I'm using are legitimate
if they all report the same value; the hash of the signature is not
provided). Now to the problem: a site called onlinemd5(dot)com (regular
HTTP, no HTTPS) reported values (SHA-1:
161B31EA6F627D3F17E896486AF886283450C946 and SHA-256:
369648131DE31A8CA44BEDA00D6A8ECB61C405F8FD8F03649BF80720F02525A7) different
from the ones of every other hashing tool (SHA-1:
3E15A03A29798718DCFAC54CADED34414284D6D9 and SHA-256:

I verified some other files using 11 different tools and they all matched,
but just in this case one of them failed. This is the first time I
encounter such a situation. How can this happen?

priva di virus. www.avast.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170407/fef83f53/attachment.html>

More information about the Gnupg-users mailing list