----- Original Message -----
From: "Aaron P Ingebrigtsen" <[EMAIL PROTECTED]>
> But the signature IS encrypted, otherwise you would be able to extract
> the data no matter what file you point it at, and the text of the
> signature would never change no matter what file or message you sign. I
> know the signature doesn't encrypt the message or file that you are
> signing, that is a different function.
A PGP signature on the bottom of the mail message is encrypted. First the
entire message goes through a hash function, then the resulting hash is
encrypted with the private key. The mail goes out, someone gets it. They
verify the message by taking the message, running it through the same hash
function and checking that against the decrypted signature. (the signature
is decrypted by using the public key)
> I was wondering, which do you think would be better, Cast, Triple-DES, or
> IDEA? UC2 uses MD5 hash for the two crypto-random numbers that it uses
> to encrypt useing Triple-DES. PGP can do CAST, Triple-DES, or IDEA
> encryption, and I think I might be able to change the hash from SHA1 to
> MD5, but I'm not sure. Anyway, which do you think is better?
MD5 is insecure. Don't use it. SHA1 is quite secure.
-Mathew
_______________________________________________
Chat mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/chat
