Bitcoin Forum
December 09, 2016, 04:13:27 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: MD5 checksum for programs  (Read 572 times)
kerogre256
Full Member
***
Offline Offline

Activity: 161


View Profile
June 22, 2011, 09:59:27 AM
 #1

Please please add md5 checksum for important file like bitcoin, guiminer, what  if some one hacke some server and replace(compiled) file whit viruses or some difierent code ?
1481256807
Hero Member
*
Offline Offline

Posts: 1481256807

View Profile Personal Message (Offline)

Ignore
1481256807
Reply with quote  #2

1481256807
Report to moderator
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin-Qt, which will follow the rules of the network no matter what miners do. Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
DrDeke
Newbie
*
Offline Offline

Activity: 6


View Profile
June 24, 2011, 03:23:23 AM
 #2

Yeah, that's a very good idea and should be more widely adopted. It'd be easy hax to replace some popular miner executables (for instance) with miners that also steal wallet.dats.
BitCoinBarter
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 24, 2011, 08:36:25 AM
 #3

I think it is a good ideal.

I would use it to check if the file was not corrupted during download. This would not mean that a file is not a virus.

If a hacker was good enough to replace a file on a site,  they would also replace the md5 (or whatever hash that was used) with the hash of the virus.

Those hackers are clever like that.

Do no evil,

Smiley 12KYva8D2GT3C1wSD8wvgkFkP5TnBp3LPC Smiley
Joise
Jr. Member
*
Offline Offline

Activity: 30


View Profile
June 24, 2011, 12:30:13 PM
 #4

I think it is a good ideal.

Not ideal but one of the most basic of things.

Quote
I would use it to check if the file was not corrupted during download. This would not mean that a file is not a virus.

If a hacker was good enough to replace a file on a site,  they would also replace the md5 (or whatever hash that was used) with the hash of the virus.

Those hackers are clever like that.


That's why in the Debian project and all Linux distributions, software downloads are digitally signed and there exists a web of trust of GnuPG keys just for these signatures. I haven't seen the git source code archive, but releases should be signed as well, git is build exactly for that.

I've seen that people put bitcoin software on their own website for download without possibility for verification. It is a facepalm thing to install that. If you do that ever, it may well be that you don't own neither your wallet nor your PC anymore, even if it seems to behave like a bitcoin client.
Joise
Jr. Member
*
Offline Offline

Activity: 30


View Profile
June 24, 2011, 09:24:20 PM
 #5

The sha1 and md5 cecksums for the packages are here:

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.23/

They are signed with Jeff Garziks PGP signature.

As an reservation I have to say while Jeff is contributing
to the Linux kernel and has signed code there,
*this* signature is not within the "strong set" of
the GnuPG web of trust (whi you can look up here:
http://pgp.cs.uu.nl/ ).

That means it just could be another guy who
happens to have that mail address ;-)
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!