md5 for bootstrap checksum of md5 implementations? (Re: [ANNOUNCE] OpenSSL 0.9.6f released)

[Adam Back]

John Allen's md5-in-perl?

http://www.cypherspace.org/adam/rsa/md5.html

#!/usr/bin/perl -iH9T4C`>_-JXF8NMS^$#)4=@<,$18%"0X4!`L0%P8*#Q4``04``04#!P``
@A=unpack N4C24,unpack u,$^I;@K=map{int abs 2**32*sin$_}1..64;sub L{($x=pop)
<<($n=pop)|2**$n-1&$x>>32-$n}sub M{($x=pop)-($m=1+~0)*int$x/$m}do{$l+=$r=read
STDIN,$_,64;$r++,$_.="\x80"if$r<64&&!$p++;@W=unpack V16,$_."\0"x7;$W[14]=$l*8
if$r<57;($a,$b,$c,$d)=@A;for(0..63){$a=M$b+L$A[4+4*($_>>4)+$_%4],M&{(sub{$b&$c
|$d&~$b},sub{$b&$d|$c&~$d},sub{$b^$c^$d},sub{$c^($b|~$d)})[$z=$_/16]}+$W[($A[
20+$z]+$A[24+$z]*($_%16))%16]+$K[$_]+$a;($a,$b,$c,$d)=($d,$a,$b,$c)}$v=a;for(
@A[0..3]){$_=M$_+${$v++}}}while$r>56;print unpack H32,pack V4, at A # RSA's MD5

You could include the code in the signed release announcement for
example.

More generally you could also type it in or visually compare it to a
printed version or something as your boot strap of trust, and keep
hash of standard linux statically of known good md5sum with the code
also.  (It's quite a bit slower than md5sum, though it only takes a
couple of seconds to md5 a typical kernel with it -- eg
/boot/vmlinuz).

(See also sha1: http://www.cypherspace.org/adam/rsa/sha.html)

Adam

On Fri, Aug 09, 2002 at 10:06:41AM -0400, Rich Salz wrote:
> 
> >   The checksums were calculated using the following commands:
> > 
> >     openssl md5 < openssl-0.9.6f.tar.gz
> >     openssl md5 < openssl-engine-0.9.6f.tar.gz
> 
> Is there another md5/hash program that's readily available?
> Cf: Thompson's reflections on trusting trust.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com