mkosmita at gmail
Apr 27, 2012, 11:29 AM
Post #3 of 3
Re: [XCP] Authenticty of XCP installation image.
[In reply to]
Thank you for your answer however it is not enough...
I believe md5 should not be used any more for security related
purposes. These days computing a sha256 or at least sha1 should be
used. Even sha1 was phased out by US gov in the 2010...
Also plain email or http is not a secure way of communicating hash
because it could easily be altered by malicious routers or ISP...
Solutions to this is either serving the hash over secure connection
like ssl/tls (httpS)
or signing a file cryptographically like using pgp/gnupg.
Thank you for trying to help...
On 4/21/12, Outback Dingo <outbackdingo [at] gmail> wrote:
> On Fri, Apr 20, 2012 at 4:56 AM, Michał Karaś <mkosmita [at] gmail> wrote:
>> How do I verify authenticity and integrity of downloaded XCP installation
>> I cannot find any digital signature or any page serving cryptographic
>> hash over a secure connection. The download is also not available over
> Wow no too paranoid...... md5sum d80538645c4b3c8db8a3ec3e7c2546c2
>> Please help.
>> Xen-users mailing list
>> Xen-users [at] lists
Xen-users mailing list
Xen-users [at] lists