[ale] ! Openssh package trojaned...

Jonathan Rickman jonathan at xcorps.net
Thu Aug 1 10:42:53 EDT 2002


On Thu, 1 Aug 2002, John Wells wrote:

> This brings to mind a question I've had for awhile now.
> Many sites provide md5 files in addition to a tarball so you can run
> md5sum on the tarball and compare the hash.  What prevents some hax0r from
> posting a fake md5 file when they compromise a tarball, so the sums will
> match?

I've never really trusted MD5 checksums totally, mainly because I don't
have a really good grasp of what's happening either. However, they are
useful for quick identification purposes, as I pointed out earlier.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list