This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Mac Home Ed.'s MD5 checksum wrong?

I performed a md5 check on the file I downloaded from Sophos' website (savosx_72_he.dmg), but I received a different string from the one listed on the tech specs page.

I got this result: 76cbd8b25919c3fda4690f36219a1f8b

Sophos shows: 21c3c6f2d93d0843238b9575792e06ef

Someone please explain the discrepancy? I've downloaded the file twice

Thanks.

This thread was automatically locked due to age.

Parents

0 QC over 14 years ago

I am unable to finds any reference to issues with viewing checksum over https (if that is what you mean).

Only two posts (now three) are found for md5 https and the one not from me is from the thread Protection against MiTM attacks?. jstash says in his second post: An MD5 published on an HTTP site (which could also be hijacked) is only sufficient for checking if a download is intact. To verify that it was actually created by Sophos, either a signature file (e.g. validating a PGP/GPG signature file) or being able to download the MD5 over HTTPS (w/ cert validation) [bold print mine] would be needed.

Christian
:1001443
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 14 years ago

I am unable to finds any reference to issues with viewing checksum over https (if that is what you mean).

Only two posts (now three) are found for md5 https and the one not from me is from the thread Protection against MiTM attacks?. jstash says in his second post: An MD5 published on an HTTP site (which could also be hijacked) is only sufficient for checking if a download is intact. To verify that it was actually created by Sophos, either a signature file (e.g. validating a PGP/GPG signature file) or being able to download the MD5 over HTTPS (w/ cert validation) [bold print mine] would be needed.

Christian
:1001443
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data