Why no MD5 data on most vendor sites?

Discussion in 'other security issues & news' started by avboy, Feb 16, 2012.

Thread Status:
Not open for further replies.
  1. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    165
    I thought that would be pretty much given. But I cant find it in most of the well known vendors' sites. Is there any collection anywhere where users have pooled in MD5 or SHAs of security products.

    Sites/products that I know of (from vendors'/developers' sites):

    SandboxIE all in one:
    MD5 b5f980376f23d82a72d3dedb291cb962
    SHA1 84bc7de48a8b32fe5422ef4337d6a295652f60f0

    Collected here from users who have kindly provided:
    OnlineArmorSetupexe 5.5.0.1557
    MD5; 28E0AEC53671810138001617D9AB344B
    SHA1; E8CEF0C4E9A06FF6957ADB8B7646D2B919B6D8EB

    In case there's a thread or a link, kindly point to it. I'll keep updating as I find more.
     
  2. x942

    x942 Guest

    I have a list I made of a lot of tools (everything from truecrypt to FireFox). Most of them were so I had "known" good copies of tools I compiled for work at the time but should still be valid for the most part. I think it would be cool to have an online database of MD5 and SHA2 hashes for all of these tools.

    Users could upload a file and have the server compare the hash with one on record and if there isn't one on record it could be submitted to be added by the author or users (this would undergo some kind of review process of course).

    I would suggest SHA2 and MD5 as MD5 has collisions while SHA2 isn't actively used (as much) so having both could make it more secure but also allow for existing hashes to be added (for tools that already list them like TrueCrypt for example).

    I'm tempted to build this site right now actually :p
     
  3. avboy

    avboy Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    165
    Thats what exactly I was looking for. The closest I have come is on Filehippo.com under the link "Technical" on individual download pages. However the ones supplied by the developers should be the most reliable, particularly when trust level of CAs are coming under scrutiny very often these days.
     
  4. x942

    x942 Guest

    +1 If I where to create such a site or use one I would make sure all of the hashes where verified with the publisher. So for example in the above post the review process could consist of contact any dev's to ask for confirmation as well as downloading it from there site and comparing it.
     
Loading...
Thread Status:
Not open for further replies.