Changing the default message digest algorithm

Change the default message digest algorithm from SHA to MD5 only if absolutely necessary. Edit the installver_wbi.bat file or the installver_wbi.sh file to make the change. Changing the algorithm invalidates the SHA-based checksums in the product bill of materials. For this reason, verify the product files before changing the message digest algorithm.

Before you begin

Install the product before attempting to change the default message digest algorithm from SHA to MD5.

Why and when to perform this task

The default message digest algorithm is one of the secure hash algorithms (SHA) that are part of the Secure Hash Standard (SHS) from the National Institute of Standards and Technology (NIST). SHA-1 is the standard hash function of the U.S. government. For more information, see the Federal Information Processing Standards (FIPS) Web page at http://csrc.nist.gov/publications/fips/index.html, and view the publication FIPS 180-2.

Also available is the older MD5 message digest algorithm. MD5 is a deprecated type of message algorithm that is not as secure as SHA and is provided only for backward compatibility.

This topic describes changing the default message digest algorithm. You must edit the installver_wbi.bat file or the installver_wbi.sh file to change the algorithm.

Steps for this task

Add the following environmental property to the script file:
-Dchecksum.type=MD5
The default value is:
-Dchecksum.type=SHA

What to do next

Go to Handling out-of-memory situations to learn more about the installver_wbi command.

Related tasks
Excluding files from a checksum comparison
Handling out-of-memory situations

Last updated: Wed 01 Nov 2006 07:47:12

(c) Copyright IBM Corporation 2005, 2006.
This information center is powered by Eclipse technology (http://www.eclipse.org)