A little problem verifying an hash
UEFg Karuna
uefgkaruna at gmail.com
Fri Apr 7 22:36:29 CEST 2017
Hello list,
I downloaded the installer of the last windows version of gnupg along with
its signature (i.e. gnupg-w32-2.1.20_20170403.exe. and
gnupg-w32-2.1.20_20170403.exe.sig respectively) from the ftp server, then I
proceeded to verify the SHA-1 of the executable and it matched (just
because I'm feeling paranoid, is 69308ee80699ebb48a055963418597767a76d1d8
right?).
Out of curiosity I then wanted to check if the .sig hash matched using all
the hashing tools I have (since at this time I don't have gnupg installed,
this is just a mean to say that the hashing tools I'm using are legitimate
if they all report the same value; the hash of the signature is not
provided). Now to the problem: a site called onlinemd5(dot)com (regular
HTTP, no HTTPS) reported values (SHA-1:
161B31EA6F627D3F17E896486AF886283450C946 and SHA-256:
369648131DE31A8CA44BEDA00D6A8ECB61C405F8FD8F03649BF80720F02525A7) different
from the ones of every other hashing tool (SHA-1:
3E15A03A29798718DCFAC54CADED34414284D6D9 and SHA-256:
3C5CEB2291C2314EDB55D905B94275FC871162D3BB7977BDDBCB6A97EFDBAC03).
I verified some other files using 11 different tools and they all matched,
but just in this case one of them failed. This is the first time I
encounter such a situation. How can this happen?
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Mail
priva di virus. www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170407/fef83f53/attachment.html>
More information about the Gnupg-users
mailing list