On Tue, 2005-04-19 at 20:04 +0200, Joerg Wunsch wrote: > Cryptographic hashes (MD5, SHA1, MD160) are strong (but slow) > algorithms to improve your degree of trust that nobody manipulated the > files protected by them. > > Of course, as both are transfered within the same file, the value of > the cryptographic hash is somewhat questionable.
You sign the md5sum with a public key to insure that the md5sum list was really created by someone you trust, and that the md5sum file was not tampered with. GPG can handle creating and verifying the authentication envelope, although I don't personally have experience with it. I don't think hobbyists are THAT concerned about the security of their files. However, if ya'll intend this format to be used commercially, it might be a good feature. On the other hand, everyone I've dealt with will happily flash anything you give them onto their hardware. --- Geoffrey Wossum Long Range Systems - http://www.pager.net _______________________________________________ AVR-chat mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/avr-chat
