lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <19051af80510221551n3c91fc81y4186ff0e4f7ad1cc@mail.gmail.com>
Date: Sat Oct 22 23:51:30 2005
From: prozente at gmail.com (prozente@...il.com)
Subject: Different signatures on mirror sites for
	ethereal 0.10.13

\/  see below - the mirrors must still be updating...
---------- Forwarded message ----------
From: Gerald Combs <gerald@...ereal.com>
Date: Oct 20, 2005 5:31 PM
Subject: [Ethereal-announce] Updated Ethereal 0.10.13 source
distribution available
To: ethereal-announce@...ereal.com


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The ethereal-0.10.13.tar.bz2 source distribution released yesterday was
inadvertently compressed using gzip instead of bzip2.  A correct
distribution has been placed on the web site with the following hashes:

MD5(ethereal-0.10.13.tar.bz2)=9998cb4907a70925d33292bae89530d4
SHA1(ethereal-0.10.13.tar.bz2)=d83a326bb3b274c63e96c783c8b65a0ca848d721
RIPEMD160(ethereal-0.10.13.tar.bz2)=7d209f6c0a932f844ac1ab5fe9cfdef4145ee423

None of the other files released yesterday have changed.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDWBq6kXaEuZt2wEERAj9SAKCU+v3uGpDlpVQuQ2E1z32Swkst9QCg9FJG
bn18+2YzyTeRMcOE0j5dTNw=
=DWtO
-----END PGP SIGNATURE-----

_______________________________________________
Ethereal-announce mailing list
Ethereal-announce@...ereal.com
http://www.ethereal.com/mailman/listinfo/ethereal-announce


On 10/21/05, Rein van Koten <vankoten@...all.nl> wrote:
> Interesting?
>
> While updating systems with ethereal 0.10.13 I downloaded from different
> sites... While checking MD5sums discovered that at least there is a
> difference between the SIGNATURES-0.10.13.txt files on the main ethereal
> site and tuwien.
>
> Difference is only for the tar.bz2 source file...
>
> Main site:
> MD5(ethereal-0.10.13.tar.bz2)=08d277951ff6f6a93c752abebd85d5bc
> SHA1(ethereal-0.10.13.tar.bz2)=4ed2014a1ede6bdb05fbe99b0469a030c7794a13
> RIPEMD160(ethereal-0.10.13.tar.bz2)=54f6431ac2d807e0d7dd896af71463d340c66107
>
> TUWIEN:
> MD5(ethereal-0.10.13.tar.bz2)=9998cb4907a70925d33292bae89530d4
> SHA1(ethereal-0.10.13.tar.bz2)=d83a326bb3b274c63e96c783c8b65a0ca848d721
> RIPEMD160(ethereal-0.10.13.tar.bz2)=7d209f6c0a932f844ac1ab5fe9cfdef4145ee423
>
> All other filesums match.
>
> Now downloading all files and looking at the sources.
>
> Maybe it is my mistake, maybe something weird is going on. In case of the
> latter decided to bare the blame if it is my mistake. Do not like the idea
> of tampered ethereal sources....
>
> Regards,
>
> Rein
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ