Does the Ruckus team give SHA1 or MD5 sums for the ZD image downloads or provide that information anywhere?

  • 1
  • Question
  • Updated 4 years ago
  • Answered
Basically in this day and age anything that doesn't have an MD5 or SHA1 key on it makes me wary. Are you going to be supporting that information given the MR of 9.6 and going forward?
Photo of Linda Rudawitz

Linda Rudawitz

  • 5 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Keith - Pack Leader

Keith - Pack Leader

  • 860 Posts
  • 50 Reply Likes
Hi Linda,

Good question. We've debated it. The images are signed, and so that internal hash serves to validate the images are correct. That doesn't mean you can't get a corrupt image, but it does mean the ZD will detect it and refuse to load.

(p.s. stick w SHA1 - the naughty boys -- and no I don't mean the NSA -- have cracked MD5)

I've referred this to our security team to see if they have any further comment.
Photo of Linda Rudawitz

Linda Rudawitz

  • 5 Posts
  • 0 Reply Likes
Thank you Keith, appreciate it.
Photo of Keith - Pack Leader

Keith - Pack Leader

  • 860 Posts
  • 50 Reply Likes
NP, and they agreed with my reasoning. So for now we will continue as is (though we do have a big makeover coming up which should make downloads a better experience)
Photo of Philippe

Philippe

  • 2 Posts
  • 0 Reply Likes
Hi Keith,

Does this mean there will really be no way for ZD to install a corrupted image and in no way brick it?

Thanks.
Photo of Keith - Pack Leader

Keith - Pack Leader

  • 860 Posts
  • 50 Reply Likes
@Philippe - it would be extremely unlikely.
Photo of Primož Marinšek

Primož Marinšek, AlphaDog

  • 413 Posts
  • 48 Reply Likes
I have upgraded about 500 ZD, and to this day I managed to brake only one in the process. It was about 5 years ago, when ZDs were not black yet.

So It's not improbable, but I wouldn't worry about it too much. It has limited lifetime warranty :)