Bitcoin Forum

Other => Beginners & Help => Topic started by: kerogre256 on June 22, 2011, 09:59:27 AM



Title: MD5 checksum for programs
Post by: kerogre256 on June 22, 2011, 09:59:27 AM
Please, please add an MD5 checksum for important files like bitcoin and guiminer. What if someone hacks some server and replaces the (compiled) file with viruses or some different code?


Title: Re: MD5 checksum for programs
Post by: DrDeke on June 24, 2011, 03:23:23 AM
Yeah, that's a very good idea and should be more widely adopted. It'd be easy hax to replace some popular miner executables (for instance) with miners that also steal wallet.dats.


Title: Re: MD5 checksum for programs
Post by: BitCoinBarter on June 24, 2011, 08:36:25 AM
I think it is a good ideal.

I would use it to check if the file was not corrupted during download. This would not mean that a file is not a virus.

If a hacker was good enough to replace a file on a site, they would also replace the md5 (or whatever hash that was used) with the hash of the virus.

Those hackers are clever like that.


Title: Re: MD5 checksum for programs
Post by: Joise on June 24, 2011, 12:30:13 PM
I think it is a good ideal.

Not ideal but one of the most basic of things.

Quote
I would use it to check if the file was not corrupted during download. This would not mean that a file is not a virus.

If a hacker was good enough to replace a file on a site, they would also replace the md5 (or whatever hash that was used) with the hash of the virus.

Those hackers are clever like that.


That's why in the Debian project and all Linux distributions, software downloads are digitally signed and there exists a web of trust of GnuPG keys just for these signatures. I haven't seen the git source code archive, but releases should be signed as well; git is built exactly for that.

I've seen that people put bitcoin software on their own website for download without the possibility of verification. It is a facepalm thing to install that. If you ever do that, it may well be that you own neither your wallet nor your PC anymore, even if it seems to behave like a bitcoin client.


Title: Re: MD5 checksum for programs
Post by: Joise on June 24, 2011, 09:24:20 PM
The sha1 and md5 checksums for the packages are here:

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.23/

They are signed with Jeff Garzik's PGP signature.

As a reservation I have to say that while Jeff is contributing
to the Linux kernel and has signed code there,
*this* signature is not within the "strong set" of
the GnuPG web of trust (which you can look up here:
http://pgp.cs.uu.nl/ ).

That means it just could be another guy who
happens to have that mail address ;-)
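
Added example, not part of any post in this thread: a small Python checker for md5sum/sha1sum-style checksum lists that shows the distinction the replies draw, namely that a checksum catches a damaged download but proves nothing when the list comes from the same server as a replaced file. The file name and sample bytes are constructed, SHA-256 is used here in place of the MD5/SHA-1 lists mentioned above, and the "trusted" list stands for one whose signature was already verified separately.

```python
import hashlib
import hmac


def parse_manifest(text):
    """Parse md5sum/sha1sum-style lines: '<hex digest>  <file name>'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries


def verify(data, name, manifest_text, algo="sha256"):
    """True only if `name` is listed and its digest matches `data`."""
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return False  # an unlisted file is never treated as verified
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, expected)


def scenario():
    name = "client-example.tar.gz"  # constructed file name
    genuine = b"genuine release bytes (constructed sample)"
    trojaned = b"replaced release bytes (constructed sample)"
    truncated = genuine[:-1]  # simulates a damaged download

    def manifest(data):
        return "%s  %s\n" % (hashlib.sha256(data).hexdigest(), name)

    # Assumption: `trusted` stands for a manifest whose signature was already
    # checked (e.g. with `gpg --verify`) against a key you have reason to trust.
    trusted = manifest(genuine)
    # Manifest fetched from the same server as the replaced file.
    same_server = manifest(trojaned)
    return {
        "genuine/trusted": verify(genuine, name, trusted),
        "truncated/trusted": verify(truncated, name, trusted),
        "replaced/same_server": verify(trojaned, name, same_server),
        "replaced/trusted": verify(trojaned, name, trusted),
        "unlisted/trusted": verify(genuine, "other.zip", trusted),
    }


if __name__ == "__main__":
    for case, ok in scenario().items():
        print(case, "->", "OK" if ok else "MISMATCH")
```

The "replaced/same_server" case passes the check, which is why the checksum list itself has to be authenticated before its contents mean anything.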