linda_rudawitz's profile

5 Messages

 • 

132 Points

Tue, Sep 10, 2013 9:48 PM

Does the Ruckus team give SHA1 or MD5 sums for the ZD image downloads or provide that information anywhere?

Basically in this day and age anything that doesn't have an MD5 or SHA1 key on it makes me wary. Are you going to be supporting that information given the MR of 9.6 and going forward?

Responses

683 Messages

 • 

11K Points

8 y ago

Hi Linda,

Good question. We've debated it. The images are signed, and so that internal hash serves to validate the images are correct. That doesn't mean you can't get a corrupt image, but it does mean the ZD will detect it and refuse to load.

(p.s. stick w SHA1 - the naughty boys -- and no I don't mean the NSA -- have cracked MD5)

I've referred this to our security team to see if they have any further comment.

5 Messages

 • 

132 Points

8 y ago

Thank you Keith, appreciate it.

683 Messages

 • 

11K Points

8 y ago

NP, and they agreed with my reasoning. So for now we will continue as is (though we do have a big makeover coming up which should make downloads a better experience)

2 Messages

 • 

90 Points

8 y ago

Hi Keith,

Does this mean there will really be no way for ZD to install a corrupted image and in no way brick it?

Thanks.

683 Messages

 • 

11K Points

8 y ago

@Philippe - it would be extremely unlikely.

Champion

 • 

368 Messages

 • 

5.6K Points

8 y ago

I have upgraded about 500 ZD, and to this day I managed to brake only one in the process. It was about 5 years ago, when ZDs were not black yet.

So It's not improbable, but I wouldn't worry about it too much. It has limited lifetime warranty :)

Important Announcement