[tor-talk] TOR tried to take a snapshot of my screen

Sebastian G. <bastik.tor> bastik.tor at googlemail.com
Sat Aug 23 07:00:37 UTC 2014


23.08.2014, 00:16 no.thing_to-hide at cryptopathie.eu:
> I just downloaded the old version 3.6.3, the download link on
> http://www.neowin.net/news/tor-browser-bundle-363
> still works and leads to the file
> https://www.torproject.org/dist/torbrowser/3.6.3/torbrowser-install-3.6.3_en-US.exe
> 
> When I use jacksum on this file, the result is
> 
> c8eb88324526d718b937b616c75d33a8 torbrowser-install-3.6.3_en-US.exe
> 
> This is another MD5 checksum than from the mentioned installer package
> 
> 9529C5A633CF0CF6201662CA12630A04

Well for the "installer" of 3.6.3 I get:
MD5: 9529C5A633CF0CF6201662CA12630A04
SHA-1: 22BD98A14BCA9F1002CA2F6DBF7CFD4702B241EA
SHA-256: 52681848358365482CE2B0922D7C6453E9E1AE8F27B302D3CD3CA1AD876B0D3D
SHA-512:
975CF690DAF13A9C85FF342C7AF9C7CCE466D5E9EB8FAB2417DBE798A0EED3366BC30482FED47E4A64AB603C0EE71017FFAAF3C896C627F5992AC8B4221F93D8

and its signature is valid.

gpg: Signature made 07/25/14 19:19:46 using RSA key ID 63FEE659
gpg: Good signature from "Erinn Clark <erinn at torproject.org>"
gpg:                 aka "Erinn Clark <erinn at debian.org>"
gpg:                 aka "Erinn Clark <erinn at double-helix.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 8738 A680 B84B 3031 A630  F2DB 416F 0610 63FE E659

> I was not able to download the PGP signature of the file to verify its
> integrity.
> 
> One of us downloaded a wrong Tor installer package ...

The installer for 3.6.4 got a different hash. I'm not sure what has been
hashed on your end.

> Best regards
> 
> Anton

Sebastian G.



More information about the tor-talk mailing list