[X] The timestamp of digital signature displayed useless

Hi, everyone.

My OS is Windows XP SP3.

I met a strange bug since Mp3tag 2.74.

The timestamp of digital signature displayed useless since Mp3tag 2.74.

The latest Mp3tag 2.75 still had the same issue as aforementioned.


Before Mp3tag 2.73, the timestamp of digital signature displayed was ok.


Best regards,

Steven.



I've changed the digital signature to use SHA-256 hashes for both the signature and the timestamp (since SHA-1 is not considered 'safe' anymore) and it can be, that those older operating systems like Windows XP are not able to verify those.

To verify that everything is OK with the download file, I'm using a service called VirusTotal where you can check whether the digital signature was verified (which is the case for the current download).

I'm also getting suggestions to publish the hashes on the download page, but I'd prefer to have only the hash in the digital signature. An attacker that would gain access to the Mp3tag server could also easily update a written hash on the download page, which would create the illusion of security.

Kind regards
Florian

Thanks for your explanation.

The security of server is most important indeed.

Best regards,

Steven.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.