>
> Checksums really don't provide security against tampering, as they are
> too easy to manufacture. They're more often used to detect casual
> corruption errors like those that could be introduced during network
> transmission.
>
> --Bob
>
I'm not sure what your definition of "easy to manufactur
>
> But the hash is part of the file - the hash can simply be recalculated and
> replaced and without being signed, the file cannot be known if it's intact.
>
We agree: it would be wholly inappropriate to trust an untrustworthy source
of the checksum when trying to detect tampering.
Dave
>
> SHA-1 is not a checksum, it's a hash. A checksum (like a CRC32, CRC16,
> etc.) is different from a hash.
>
> Also, what Jonas and Harry mentioned applies. Even if it is a hash and
> not a checksum, it could easily just be replace unless it is signed.
>
> --Bob
CRC-32 and SHA-1 are both hashin
Unfortunately, even the daily digests are frequently not of much help,
because many posters reply to long threads without chopping off the stuff
that is no longer relevant from the bottom. There are days where those of
us subscribing to the "daily" digest receive many such messages, and each
maili
4 matches
Mail list logo
