--- begin forwarded text

From: Vinnie Moscaritolo <[EMAIL PROTECTED]>
Subject: Re: [Mac_crypto] Apple should use SHA! (or stronger) to
 authenticate software  releases
List-Id: Macintosh Cryptography <mac_crypto.vmeng.com>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <http://www.vmeng.com/mailman/listinfo/mac_crypto>,
        <mailto:[EMAIL PROTECTED]>
List-Archive: <http://www.vmeng.com/pipermail/mac_crypto/>
Date: Mon, 5 Apr 2004 08:10:26 -0800

one more thing for all it's worth.. MD5 is not a FIPS-140-2  approved
http://csrc.nist.gov/cryptval/   this would technically prevent osx
from being used
in any Federal or Mil environment.   Apple will eventually have to
address this concern.

At 6:17 AM -0500 4/4/04, Arnold G. Reinhold wrote:
>The cryptographic hash function MD5 has long been used to
>authenticate software packages, particularly in the Linux/Unix/open
>source community. This has carried over to Apple's OS-X. The MD5
>hash of an entire package is calculated and its value is transmitted
>separately from the package. Users who download the package compute
>the hash of the copy they received and match that value against the

Vinnie Moscaritolo  ITCB-IMSH
PGP: 3F903472C3AF622D5D918D9BD8B100090B3EF042

"When the pin is pulled, Mr. Grenade is not our friend."
                                 - USMC training bulletin.

mac_crypto mailing list

--- end forwarded text

R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to