The MD5 checksums on the download page are insufficient. MD5 has been considered cryptographically broken for years. It should not be used in this context. People are using those MD5s to verify their random torrents which is a mistake.
Please provide checksums using the SHA-2 family so everyone can be sure the files are correct.
Advertisement
Page 1 of 1
Please provide strong checksums
Rate Topic:
MD5 is insufficient
MultiQuote
#4
evilelf 
Posted 11 August 2012 - 02:05 AM
Official SHA-256 (SHA-2) checksums:
53a32462d438368e6a9351e57e321d3bb6246e080ab018416487f35c8ff5f8fb autoexec.cfg
24bf37a19ae9d3d437cced22c00dc7fe5110a1cca437e07a163800c81f30a51e index.html
6b03b136e57580d8a7a796c2733a0172535c8e2047fba47fb4867040b9059282 QIIIA_Game_Source_License.doc
4dabb3227e51e0cf8e02e17529a472cdd5b395ed788b65d7ef5fe00062fc6a93 Quake3-UrT.app.zip
93c1de2b392bef41d84cbf2e510c41bf392d3d8c24213e4a2c4a8da84eb7327f Quake3-UrT-Ded.i386
7561dfe93a79550b364d8888323466e63e62ba087c6e56a8fba08a33e8cd305e Quake3-UrT-Ded.x86_64
d496ef021aac5c8ceb7dd940dcc3e70bff033de7a0cadd7af3fea161adff1964 Quake3-UrT.exe
232c4cf220d7a0087faf0b743a72ea830425e4a8652ddf246da9a67598d8f445 Quake3-UrT.i386
6d9de69412ce2a1d03c8684524ea604f2c0119c2fa446ce0c37b7364bb9b5a44 Quake3-UrT_Logitech_Game_Recognition.reg
545ce92ffff2d17b582c2710738f6602a4ccf9269b4a58ad160de77f395f1f74 Quake3-UrT.x86_64
a6060d221a102a08bc6f4076dafd3716c0c100278a9aa53956691efe12446d9e readme42.txt
1e7dd38b3b8dc89fc50ae09ae001c9d8d99cadf5d4315c2c58ab2645d21d8c63 server.cfg
3965a33693291a19f76918102b63c52f0551ef154f0d7e416fb9b363a2d35164 UrTLauncher.app.zip
099b835f1a41cbfe272aa97a060f8903e2c7288fded3dca423a054bf17b65a6c ut4_commune.pk3
d2558f7482363a8929376e4a77e3251a5f3b63c31f4d93d2f418c7bc7b0f70d5 zUrT42_0001.pk3
867b3296d503a970ef124b581c8b29450563656c749c369ba9be3bee8944c232 zUrT42_0002.pk3
207e254f7eba472013a9622b0876527b5847a85f0b82569ad8d62f597901f2b4 zUrT42_0003.pk3
0eb1cb365b002d692bf5ce70f7eb2c322ccb9ad494908237932299436a5c7ff3 zUrT42_0004.pk3
988e925c053f24b3349ce7a2b680d2fb95f20a38f20f6bc4f02fd510f37c0d22 zUrT42_0005.pk3
f310619fab3b2ae878b84a627f99f47aae1098977ae0c42958122c84f6cb134b zUrT42_0006.pk3
fca9a416eba4018d73f2078e517f05ac461a3bfacab65ea2dd2303ef9fef9840 zUrT42_0007.pk3
02f95374215d32288c3e1256e34d62a80c9fc1afee343c0883a615f155a8e63d zUrT42_0008.pk3
132bac1a4e6fe622e3bdc1ccc2a94cdf659c327ca48dfd555551faca5a1bc1dc zUrT42_0009.pk3
53a32462d438368e6a9351e57e321d3bb6246e080ab018416487f35c8ff5f8fb autoexec.cfg
24bf37a19ae9d3d437cced22c00dc7fe5110a1cca437e07a163800c81f30a51e index.html
6b03b136e57580d8a7a796c2733a0172535c8e2047fba47fb4867040b9059282 QIIIA_Game_Source_License.doc
4dabb3227e51e0cf8e02e17529a472cdd5b395ed788b65d7ef5fe00062fc6a93 Quake3-UrT.app.zip
93c1de2b392bef41d84cbf2e510c41bf392d3d8c24213e4a2c4a8da84eb7327f Quake3-UrT-Ded.i386
7561dfe93a79550b364d8888323466e63e62ba087c6e56a8fba08a33e8cd305e Quake3-UrT-Ded.x86_64
d496ef021aac5c8ceb7dd940dcc3e70bff033de7a0cadd7af3fea161adff1964 Quake3-UrT.exe
232c4cf220d7a0087faf0b743a72ea830425e4a8652ddf246da9a67598d8f445 Quake3-UrT.i386
6d9de69412ce2a1d03c8684524ea604f2c0119c2fa446ce0c37b7364bb9b5a44 Quake3-UrT_Logitech_Game_Recognition.reg
545ce92ffff2d17b582c2710738f6602a4ccf9269b4a58ad160de77f395f1f74 Quake3-UrT.x86_64
a6060d221a102a08bc6f4076dafd3716c0c100278a9aa53956691efe12446d9e readme42.txt
1e7dd38b3b8dc89fc50ae09ae001c9d8d99cadf5d4315c2c58ab2645d21d8c63 server.cfg
3965a33693291a19f76918102b63c52f0551ef154f0d7e416fb9b363a2d35164 UrTLauncher.app.zip
099b835f1a41cbfe272aa97a060f8903e2c7288fded3dca423a054bf17b65a6c ut4_commune.pk3
d2558f7482363a8929376e4a77e3251a5f3b63c31f4d93d2f418c7bc7b0f70d5 zUrT42_0001.pk3
867b3296d503a970ef124b581c8b29450563656c749c369ba9be3bee8944c232 zUrT42_0002.pk3
207e254f7eba472013a9622b0876527b5847a85f0b82569ad8d62f597901f2b4 zUrT42_0003.pk3
0eb1cb365b002d692bf5ce70f7eb2c322ccb9ad494908237932299436a5c7ff3 zUrT42_0004.pk3
988e925c053f24b3349ce7a2b680d2fb95f20a38f20f6bc4f02fd510f37c0d22 zUrT42_0005.pk3
f310619fab3b2ae878b84a627f99f47aae1098977ae0c42958122c84f6cb134b zUrT42_0006.pk3
fca9a416eba4018d73f2078e517f05ac461a3bfacab65ea2dd2303ef9fef9840 zUrT42_0007.pk3
02f95374215d32288c3e1256e34d62a80c9fc1afee343c0883a615f155a8e63d zUrT42_0008.pk3
132bac1a4e6fe622e3bdc1ccc2a94cdf659c327ca48dfd555551faca5a1bc1dc zUrT42_0009.pk3
Advertisement
#7
[B3]Courgette
-
community dev
B3 bot developer
Posted 11 August 2012 - 12:34 PM
undead, on 10 August 2012 - 04:16 AM, said:
The MD5 checksums on the download page are insufficient. MD5 has been considered cryptographically broken for years. It should not be used in this context. People are using those MD5s to verify their random torrents which is a mistake.
Please provide checksums using the SHA-2 family so everyone can be sure the files are correct.
Please provide checksums using the SHA-2 family so everyone can be sure the files are correct.
I don't understand why you are making such a big deal of file checksums.....
MD5 is only unsafe when used to hash passwords. When it comes to use this hash algorithm to check file integrity, MD5 is still a valid and strong method of making sure a file is what it is supposed to be.
Spreading the word that FS is making an unsafe job at providing 'just' MD5 checksums for the files is unjustified and unfair.
This post has been edited by Courgette: 11 August 2012 - 12:59 PM
#8
undead
Posted 11 August 2012 - 04:51 PM
Courgette, on 11 August 2012 - 12:34 PM, said:
I don't understand why you are making such a big deal of file checksums.....
MD5 is only unsafe when used to hash passwords. When it comes to use this hash algorithm to check file integrity, MD5 is still a valid and strong method of making sure a file is what it is supposed to be.
Spreading the word that FS is making an unsafe job at providing 'just' MD5 checksums for the files is unjustified and unfair.
MD5 is only unsafe when used to hash passwords. When it comes to use this hash algorithm to check file integrity, MD5 is still a valid and strong method of making sure a file is what it is supposed to be.
Spreading the word that FS is making an unsafe job at providing 'just' MD5 checksums for the files is unjustified and unfair.
Citation needed. You are the one spreading false information about MD5. Why would it be safe in the context of file integrity but not in the context of passwords?
"Software developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use." US-CERT
Please provide an authoritative source who says MD5 is safe for the context of downloading files from an untrusted torrent. If you need an example of why it shouldn't be used, look up how Microsoft's SSL certificates in the Flame attack were forged due to MD5 collisions.
This post has been edited by undead: 11 August 2012 - 05:00 PM
#9
evilelf
Posted 11 August 2012 - 05:23 PM
Lets leave it at that please. SHA-2 checksums were provided to satisfy a requirement from a concerned person. We're not here to discuss how a pk3 could be repacked with evil stuff and how the MD5sum ends up being the same.
Also, the reason why we provided an updater (and it works well for the most part), is to prevent having torrents, mirrors and the likes.
Also, the reason why we provided an updater (and it works well for the most part), is to prevent having torrents, mirrors and the likes.
Page 1 of 1
1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users
Advertisement