Jump to content
Sign in to follow this  
nxtbet

[C] MD5 discrepancy

Recommended Posts

Page http://cdburnerxp.se/en/download states:

Download latest version (4.3.8.2568)

Size: 4.78 MiB (MD5: C0CE228C04C3D81F6FE06532C710210A)

I downloaded from that specific link and got a different MD5: A645BF5AC3770CEED57C1BF16FD530C7 (revealed by FolderMatch software)

Why does a download from the same link produce a different signature from the one specified under the link?

Share this post


Link to post
Share on other sites

If the installer has a correct cryptographic signature, that is says it is signed by (verified publisher) "canneverbe limited" ignore that.

It is probably an error on the webpage, in fact that checksum indicator has to be removed and/or replaced by a sha256 hash.

Share this post


Link to post
Share on other sites

In general, and though we are not subject to them in anyway, we aim to follow NIST/FIPS general guidelines for crypto and security related stuff, in this particular case,

"NIST Special Publication 800-131A

Transitions: Recommendation for

Transitioning the Use of Cryptographic

Algorithms and Key Lengths"

Which in practise means to discontinue the use of md5 and sha1 in most situations.

Share this post


Link to post
Share on other sites

"canneverbe limited" is indeed what I see. If you don't believe in the MD5 stuff anymore, I am surprised you let it linger on. Thanks for the reassurance, however. I appreciate the peace of mind.

You should know that NOD32 gave me a warning of "potential threat found" when I dowloaded from that link, offering to cut off the connection, and then (when I clicked on "no action") offering to detlete. When I downloaded versions under "other options", the warning was no longer there. So this "opencandy" thing may be why I got the NOD32 warning. Just for your information.

Share this post


Link to post
Share on other sites
"canneverbe limited" is indeed what I see. If you don't believe in the MD5 stuff anymore, I am surprised you let it linger on.

Thanks for the reassurance, however. I appreciate the peace of mind..

It has continued to appear there because the installers only recently have been started to get signed

You should know that NOD32 gave me a warning of "potential threat found" when I dowloaded from that link, offering to cut off the connection, and then (when I clicked on "no action") offering to detlete. When I downloaded versions under "other options", the warning was no longer there. So this "opencandy" thing may be why I got the NOD32 warning. Just for your information

Yes, there are some antivirus products that still warn about opencandy, MS removed it from their list as well other vendors once the concerns over it were resolved.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.