Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Sha1 or MD5 hash

Is there a SHa1 or Md5 hash check for Mountain lion like the other updated Aple provides?


It seems Apple provides Sha1 hashes for its updates but not for a major operating system? Why?

MacBook Pro, Mac OS X (10.6.8)

Posted on May 7, 2013 9:08 AM

Reply
1 reply

May 7, 2013 5:34 PM in response to macfrombrampton

This is a question best asked of Apple directly; the "why" questions are often not something that non-Apple folks are in a position to answer.


Of what's been posted and discussed about your question, "For updates delivered by Automatic Software Update, SHA-1 digest verification is performed automatically for you." (HT1652)


For details on code signing used on more recent OS X releases, see the Code Signing Guide and review commands such as codesign --verify --deep-verify --verbose /applications/Install\ OS\ X\ Mountain\ Lion.app and codesign --display -vvv --entitlements - /applications/Install\ OS\ X\ Mountain\ Lion.app Based on the output from those and related commands, the code-signing here is using SHA-1, and it traces back to Apple digital certificates.


AFAIK, the installation verifies the signatures, as it wouldn't be much value otherwise.


US NSA and Apple security guides are among the available security-related documentation. Apple's Gatekeeper (HT5290) might also be of some interest.


Alternatively (and likely better), please call the Apple support center folks directly, as your requirements are clearly quite specialized, and it would appear your distribution path requirements may be equally specialized.


FWIW, few folks are using MD5 anymore for anything more serious than detecting file transfer corruptions.

Sha1 or MD5 hash

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.