Security notes

I provide MD5 checksums and GPG signatures for the archives/files that are available on these pages for download so you can check the integrity of those files (and can be sure they are really from me :-).

Please note that all of my programs may be infested with bugs and probably have many security holes! I cannot give any warranties and you are using the programs at your own risk!

MD5 checksums

You can use MD5 for OS/2 to calculate the MD5 checksum of a file.

GPG signatures

The signatures are provided in ASCII armoured format. You can use GnuPG 1.20 (available e.g. on the Team Trier Collection Vol.11) for verification. Other versions of GPG or PGP should also work fine (though I haven't tested it). Note that you will also need my GPG public key.

A warning on the use of GPG under OS/2: According to Werner Koch - who, as the main author of GPG, surely knows what he is saying - GPG for OS/2 is not secure because of the lack of good entropy sources under OS/2. So you should not use GPG for signing or encryption here. On the other hand, we now have a REXX entropy daemon available (also on the Team Trier Collection Vol.11); maybe this can solve the problem? Unfortunately I'm no expert in these matters and can't give you any definitive advice.

The signatures of all files on this website have been created with GPG for GNU/Linux. As far as I understand the whole thing (but don't count on this ;-) verifying signatures should not be affected by the above problem anyway, so you can use GPG for OS/2 for checking the sigs.
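
The two checks described above, combined into one script. This is an added example, not code from this site or its author; it assumes a POSIX shell with GNU md5sum and GnuPG, the function names are hypothetical, and the fingerprint and MD5 value passed in must be the ones published by the author.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes a POSIX shell,
# GNU md5sum and GnuPG; all function names are hypothetical.

# md5_ok FILE EXPECTED_HEX: succeed if FILE's MD5 equals the published value.
# An MD5 match only shows the transfer was not corrupted; the signature
# check below is what ties the file to the author's key.
md5_ok() {
    actual=$(md5sum < "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# sig_status_ok FPR: read `gpg --status-fd` lines on stdin; succeed only if
# a VALIDSIG names the pinned fingerprint (signing key or its primary key)
# and no failure status was reported.
sig_status_ok() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    result=1
    while read -r tag kw fpr rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) return 1 ;;
            VALIDSIG)
                primary=${rest##* }
                if [ "$fpr" = "$want" ] || [ "$primary" = "$want" ]; then
                    result=0
                fi ;;
        esac
    done
    return "$result"
}

# verify_download FILE SIGFILE FPR MD5: both checks must pass.
# The public key must already be imported into the local keyring.
verify_download() {
    md5_ok "$1" "$4" || return 1
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | sig_status_ok "$3"
}
```

Pinning the fingerprint matters because a signature that verifies against some other key in the keyring would otherwise be accepted too.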

Last modified: August 30 2009 09:41:02 by Thorsten Thielen
URL of this page: c2226.de/programs/security_notes.phtml