SHA-1 Redemption
Familiar Problem?
Have you ever encountered such error messages when launching older versions of Minecraft?
[SEVERE] [ForgeModLoader] The minecraft jar file:/home/una/.local/share/PrismLauncher/libraries/com/mojang/minecraft/1.6.4/minecraft-1.6.4-client.jar!/net/minecraft/client/ClientBrandRetriever.class appears to be corrupt! There has been CRITICAL TAMPERING WITH MINECRAFT, it is highly unlikely minecraft will work! STOP NOW, get a clean copy and try again!
[SEVERE] [ForgeModLoader] For your safety, FML will not launch minecraft. You will need to fetch a clean version of the minecraft jar file
Or maybe this variant:
[SEVERE] [Forestry] railcraft.common.core.Railcraft failed validation. Halting runtime for security reasons. Please replace your mods with untampered versions from the official download sites.
What's the Cause?
These errors occur because newer Java 8 releases have dropped support for SHA-1 signatures, while older Minecraft modifications rely on them for so-called "integrity checks". Although FML developers' intentions were good (to warn users about incorrectly installed jar mods), the implementation turned out to be flawed.
Problem Solution
Instead of trying to remove the detection system and risking activation of various "anti-piracy" checks (Forestry for version 1.2 is particularly known for this), SHA-1 Redemption works at a deeper level, restoring trust in SHA-1 signatures within Java itself.
This mod is compatible with any version of Minecraft and virtually any Java program. Especially useful for versions where this problem occurs most frequently.
Important Warning
The SHA-1 algorithm is considered obsolete and unreliable — that's why support was removed. Using this mod means the digital signature system can no longer be considered reliable. In the context of Minecraft modpacks, this is acceptable since the bypassed systems are already broken due to implementation errors.
However, in other situations where digital signatures are truly important, using this mod is not recommended. In such cases, it's better to configure Java security policy more specifically or re-sign the affected jar files.
