On Tue, 2003-02-04 at 12:02, Rod Taylor wrote:
> On Tue, 2003-02-04 at 12:55, Kurt Roeckx wrote:
> > On Tue, Feb 04, 2003 at 01:35:47PM +0900, Curt Sampson wrote:
> > > On Mon, 3 Feb 2003, Kurt Roeckx wrote:
> > >
> > > > I'm not saying md5 is as secure as pgp, not at all, but you can't
> > > > trust those pgp keys to be the real one either.
> > >
> > > Sure you can. Just verify that they've been signed by someone you trust.
> >
> > I know how it works, it's just very unlikely I'll ever meet
> > someone so it gives me a good chain.
> >
> > Anyway, I think pgp is a good thing to do, just don't assume that
> > it's always better than just md5.
>
> Not necessarily better -- but it's always as good as md5.

Even improperly used, digital signatures should never be worse than
simple checksums. Having said that, anyone that is trusting checksums as
a form of authenticity validation is begging for trouble. Checksums are
not, in and of themselves, a security mechanism. I can't stress this
enough. There really isn't any comparison here. Please stop comparing
apples and oranges. No matter how hard you try, you cannot make orange
juice from apples.

Regards,

-- 
Greg Copeland <[EMAIL PROTECTED]>
Copeland Computer Consulting
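
The distinction drawn in this message, as an added example that is not part of the original e-mail thread: a mirror that swaps the tarball can publish a matching MD5 beside it, but cannot produce a signature that verifies against the project's public key. Ed25519 from Go's standard library stands in for a PGP signature here, and the names Release, DemoKey, Publish, Tamper, ChecksumOK and SignatureOK are hypothetical, as are the sample byte strings.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/md5"
	"encoding/hex"
	"fmt"
)

// Release is what a mirror serves: the file, its published MD5, and a detached signature.
type Release struct {
	Tarball   []byte
	MD5Hex    string
	Signature []byte
}

func md5Hex(b []byte) string { s := md5.Sum(b); return hex.EncodeToString(s[:]) }

// DemoKey derives a key pair from a constructed seed (sample only, never a real key).
func DemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Publish builds a release the way the project would, using its private key.
func Publish(priv ed25519.PrivateKey, tarball []byte) Release {
	return Release{Tarball: tarball, MD5Hex: md5Hex(tarball), Signature: ed25519.Sign(priv, tarball)}
}

// Tamper models a modified mirror copy: the checksum is recomputed (no secret is
// needed for that), while the old signature is all that can be kept.
func Tamper(r Release, replacement []byte) Release {
	return Release{Tarball: replacement, MD5Hex: md5Hex(replacement), Signature: r.Signature}
}

// ChecksumOK is the integrity check: it only compares the file with data served beside it.
func ChecksumOK(r Release) bool { return md5Hex(r.Tarball) == r.MD5Hex }

// SignatureOK is the authenticity check: it needs a public key obtained out of band.
func SignatureOK(pub ed25519.PublicKey, r Release) bool { return ed25519.Verify(pub, r.Tarball, r.Signature) }

func main() {
	pub, priv := DemoKey()
	good := Publish(priv, []byte("source tarball (constructed sample)"))
	bad := Tamper(good, []byte("modified tarball (constructed sample)"))
	fmt.Printf("genuine:  md5 ok=%v signature ok=%v\n", ChecksumOK(good), SignatureOK(pub, good))
	fmt.Printf("tampered: md5 ok=%v signature ok=%v\n", ChecksumOK(bad), SignatureOK(pub, bad))
}
```

The signature check is only as strong as the way the public key was obtained, which is the trust-chain question raised earlier in the thread.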