Bitcoin Forum

I don't seem to be able to find any md5s for your code downloads. Is it just me, or are there none?

md5 checksums are still widely used but not secure

md5 is evil, two differents files can have the same md5 checksum (http://www.coresecurity.com/content/md5-harmful)
but unfortunately people still use it ;(

They can, but the odds that you'll get useful exploit code that just happens to be that collision are still insanely high.

Nah, it's insanely easy nowadays. Have you seen evilize?

http://www.mscs.dal.ca/~selinger/md5collision/

Yeah... In earlier days, you could easily set an 8-letter Upper-Lower-Digit password and be sure no one will be interested in cracking it (which he will do for 30 days minimum). Now, we have Playstation 3's and cloud services, and cracking that MD5 is a matter of minutes or hours. Now i'll have to change every my password to something stronger.

BTW, SMF FTW, cause it uses SHA-256 instead of MD5.

Yeah, I guess SHA-256 will be good enough. ;-)

Hashes are good but it's already time to start doing gpg-signatures to tarball. Suffice it now to hack the site or even deception to obtain control over the wiki, put "fresh" version of the client and everything collapses.

For future reference, here's my public key.  It's the same one that's been there since the bitcoin.org site first went up in 2008.  Grab it now in case you need it later.

http://www.bitcoin.org/Satoshi_Nakamoto.asc