Presumably the authentic author has their own md5 hash for the pacakge that they posted to news groups the moment after it was generated.
Now even if the the Authenic author own bocen is haX0red he/she can in 128 bits flat figure out that it's been tampered with.
I think that the best we can expect from the situation where the Publishing site has been HaX0red is that the authentic author can detect it in a resonable amount of time.
Re:No holes this time.. just minor fixes and upgra
on
OpenSSH 3.5 Released
·
· Score: 1
IMHO , ain't broke don't fix it.
If it's broke, test test test some more then test the upgrade (and back-out) process, then roll it out.
Wee!!! change control.
Slashdot Mirror
Presumably the authentic author has their own md5 hash for the pacakge that they posted to news groups the moment after it was generated. Now even if the the Authenic author own bocen is haX0red he/she can in 128 bits flat figure out that it's been tampered with. I think that the best we can expect from the situation where the Publishing site has been HaX0red is that the authentic author can detect it in a resonable amount of time.
IMHO , ain't broke don't fix it. If it's broke, test test test some more then test the upgrade (and back-out) process, then roll it out. Wee!!! change control.
I hope they do find them tommorrow, my client's will be asking me why I haven't deployed this and I want some ammunition.