On Fri, 18 Mar 2016 15:45, d...@fifthhorseman.net said: > On any modern Windows installation (since Vista at least, i think) there > is "certutil.exe"
I know but I have also seen on the gpg4win mailing list that people have problems using it or any other tool. Also worse than checksums or real signatures, I meanwhile think that an Authenticode signature would overall improve the situation. > Right, but surely you wouldn't advocate only displaying the first and > last few digits of the SHA1 digest just because most people aren't going > to look at anytihng else. Right? Ack. > glad that we at least offer SHA-1, even though it's longer and harder to > read than MD5, which itself is longer and harder to read than CRC32 :P Well, MD5 is out of every discussion - despite that not too old OpenSSH versions still use it for fingerprints by default. But then again, who really check the fingerprints ;-) Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users