Author Topic: [SECURITY] Hashes of the downloadable client archives???  (Read 6241 times)

0 Members and 1 Guest are viewing this topic.

Offline 3dtr

  • Jr. Member
  • **
  • Posts: 31
    • View Profile
The version string is not updated. In file-meta data is v0.8.52.0 but in help/about is v0.8.54.0-unk-beta
spend me a beer: PpwbYJisZ8ga7jdDnKTHSEiQAwQEH8Qtbg

Offline Montaxx

  • Moderator
  • Full Member
  • *****
  • Posts: 76
    • View Profile

Offline 3dtr

  • Jr. Member
  • **
  • Posts: 31
    • View Profile
I didn't know why it's so costly to build some checksum after every compiling???


I downloaded the client from both sources, now:
http://www.memorycoin.org/downloads/memorycoin.zip
https://drive.google.com/file/d/0B-5Ax5kejTpMOWZjXzE1UEs0bG8/edit?usp=sharing

Has the same checksum:
sha256: ae7969d681ce775c4cae5c2939ee223125454c51523478fde0d944f3e76bbefb
sha1: 0fb629562eb573531bdac9ed77fc5db7a430e88e
md5: 746669a259a04a61548bb57a6a81b268

It's v0.8.52.0 from 20.12.2013 - 02:32

Scan results: http://virusscan.jotti.org/en/scanresult/1210a156db9ef752be1534048bb8a0302abe5889 is clear...


Can anyone confirm?
spend me a beer: PpwbYJisZ8ga7jdDnKTHSEiQAwQEH8Qtbg

Offline FreeTrade

  • Moderator
  • Hero Member
  • *****
  • Posts: 700
    • View Profile
Little bit busy with other things.

I'd recommend compiling from source for best security.

If that's inconvenient, the best things is to always download from the Google https site and run virus checkers on the software. Also you can share the hashes you're finding here so check they match with others.

Maybe when we've got the bugs ironed out and with less frequent updates, I'll look at posting hashes.
“People should be more sophisticated? How are you gonna get that done?” - Jerry Seinfeld reply to Bill Maher

Offline 3dtr

  • Jr. Member
  • **
  • Posts: 31
    • View Profile
Seems that the developers doesn't interest in this  :-X
Maybe they think, the download server can't be hacked. Because of???

My first request of the hash values is from December 16, 2013: https://bitcointalk.org/index.php?topic=370806.msg3990347#msg3990347
spend me a beer: PpwbYJisZ8ga7jdDnKTHSEiQAwQEH8Qtbg

Offline gnarl

  • Full Member
  • ***
  • Posts: 72
    • View Profile
This is important, thank you for posting the question 3dtr.

When can we expect at least this minimum security precaution with these precompiled clients?

Offline 3dtr

  • Jr. Member
  • **
  • Posts: 31
    • View Profile
Seems that nobody interests the missing security information... and thats in a CryptoCoin world  :o

What if i download and run a manipulated client that's steal all my wallet.dat files?
spend me a beer: PpwbYJisZ8ga7jdDnKTHSEiQAwQEH8Qtbg

Offline Montaxx

  • Moderator
  • Full Member
  • *****
  • Posts: 76
    • View Profile
Good point. Lets wait till FreeTrade says something to this.

Offline 3dtr

  • Jr. Member
  • **
  • Posts: 31
    • View Profile
for 'memorycoin-qt.exe' i get:

sha256: 400ae751d173e51b0a672fa2098451b31d5069c569b256c1340c8a49170fc2b5
sha1: 16d24f82e758c5e9cbe0204a0db474b363c86b8e
md5: 3dd20b0cff09bc5b30e94bfb5613a35a
spend me a beer: PpwbYJisZ8ga7jdDnKTHSEiQAwQEH8Qtbg

Offline 3dtr

  • Jr. Member
  • **
  • Posts: 31
    • View Profile
Seems that this is oversight on bitcointalk:
Where can i find the hashes of the client download???

I get for 'memorycoin.zip' this:

sha256: fbd1553a2babe9755c79bc33177a15fe8c92f7972f373e51ca54b9f8604de965
sha1: af10bcdfce8e80887ea29bcb6c0e77beed4f36d2
md5: 68c37aa751148bd1a78e55ca441cf02f

Why does mostly developer doesn't protect the users?

For a secure cryptcoin it must be always publish the hashes of downloads!!!
« Last Edit: December 19, 2013, 11:16:05 am by 3dtr »
spend me a beer: PpwbYJisZ8ga7jdDnKTHSEiQAwQEH8Qtbg