On Tue, Feb 04, 2003 at 02:04:01PM -0600, Greg Copeland wrote: > > Even improperly used, digital signatures should never be worse than > simple checksums. Having said that, anyone that is trusting checksums > as a form of authenticity validation is begging for trouble.
Should I point out that a "fingerprint" is nothing more than a hash? > Checksums are not, in of themselves, a security mechanism. So a figerprint and all the hash/digest function have no purpose at all? > There really isn't any comparison here. I didn't say you could compare the security offered by both of them. All I said was that md5 also makes sense from a security point of view. Should I also point out that md5 really isn't a "checksum", it's a digest or hash. I have to agree that a real checksum, where you just add all the bytes, offers no protection. Kurt ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])