Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hash FIle #831

Open
StableRax opened this issue Nov 8, 2024 · 3 comments
Open

Hash FIle #831

StableRax opened this issue Nov 8, 2024 · 3 comments
Labels
Feature Request Releases

Comments

@StableRax
Copy link

We have a customer who likes the Maintenance Solution script, however they will not allow software/files onto their system without a hash file, could this be generated on for the scripts and available on github.
@olahallengren
Copy link
Owner

Does anyone know if there is a standard for doing this? File format? Algorithm?

@Adilzaf
Copy link

Adilzaf commented Dec 9, 2024

SHA-256 is approved by NIST and is included in SHA-2 family of hash algorithms. You could use certUtil in cmd to generate the checksum, and then publish it on your website and Github. One could then verify the downloaded file by generating the same checksum locally. See below:

certUtil -hashfile C:\filename.sql SHA256

@olahallengren
Copy link
Owner

Could you help me understand the security aspects here?
If my website or GitHub repository were somehow compromised, an attacker could modify both the scripts and their checksums, couldn’t they?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature Request Releases
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@olahallengren @Adilzaf @StableRax