Forum Discussion

New Contributor

7 years ago

I would like to know the official SHA-256 or SHA-512 hashes of the following Quartus d/l files: Quartus-pro-18.1.0.222-devices-3.tar Quartus-pro-18.1.0.222-linux.tar

The official site only has md5 sums, which can have collisions easily created, and the official site serves them over HTTP, so the attacker wouldn't even need to create a collision, the attacker coul...

HRZ

Frequent Contributor

7 years ago

I agree that MD5 is already far outdated and that downloads should be served over HTTPS, but if an attacker has tapped so deep into your network that he can capture, modify and replay your connections, there are far easier ways to infect you than going for a real-time chosen-prefix collision on 10-20 GB Quartus archives.

You could probably provide your feedback directly to Intel in this case through the Website Feedback form:

https://www.intel.com/content/www/us/en/forms/corporate/webmaster-contact-us.html

Forum Discussion

I would like to know the official SHA-256 or SHA-512 hashes of the following Quartus d/l files: Quartus-pro-18.1.0.222-devices-3.tar Quartus-pro-18.1.0.222-linux.tar

Recent Discussions

One-Stop Support Experiences for FPGA Download and Licensing Question

recovery timing issue

Installer cannot establish connection with SSL error

Unable to download Quartus

No access to the Self Service Licensing Center (SSLC)