Skip to content
This repository has been archived by the owner on Dec 1, 2018. It is now read-only.

Wrong hash algorithm in checksum file? #2

Closed
lfam opened this issue Jul 10, 2016 · 2 comments
Closed

Wrong hash algorithm in checksum file? #2

lfam opened this issue Jul 10, 2016 · 2 comments

Comments

@lfam
Copy link

lfam commented Jul 10, 2016

I downloaded letskencrypt-portable-0.1.7.tgz and the associated file letskencrypt-portable-0.1.7.sha256 from https://kristaps.bsd.lv/letskencrypt/snapshots/.

However, the checksum contains a SHA512 hash rather than a SHA256 hash:

$ cat letskencrypt-portable-0.1.7.sha256 
SHA512(letskencrypt-portable.tgz)= 8b0e7e47054ce272486d472cef9e48c54b6179cd2da50967f373dd552ff59dd495758c56f8e147513267800254909e88304908f1495a969ed24ce8b43c0c64de

Also, the checksum itself was calculated on the "unversioned" filename, which is a little confusing, since the filename of the checksum includes the version.

It's probably worth signing the checksum as well, whether with PGP or signify.

@kristapsdz
Copy link
Owner

Thanks! This has been fixed in the latest release of 0.1.8, now at kristaps.bsd.lv/letskencrypt.

@kristapsdz
Copy link
Owner

(Except for the signature, which is a larger question that'll be answered in due time...)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants