>
> Why not put both detached signatures into the checksum file?
What's the point of this anyways? Unless you're unlike most uses, you're
using the default hashing, which is [drumroll please.....] SHA-1.
Throwing asside repudation, it still takes is 8 bytes to collide an
md5sum, and about 8 and a half bytes to collide a sha1sum... I suggest
that anyone that is worried about this problem run the following
program:
main.c:
int main() {
unsigned int x,y;
for (x = 0; x < 2^32; ++x) for (y = 0; y < 2^32; ++y);
return printf("Now you can worry\n");
}
--
James Blackwell | Life is made of the stuff that hasn't killed
Tell someone a joke! | you yet. - yours truly
----------------------------------------------------------------------
GnuPG (ID 06357400) AAE4 8C76 58DA 5902 761D 247A 8A55 DA73 0635 7400
_______________________________________________
Gnu-arch-users mailing list
Gnu-arch-users@gnu.org
http://lists.gnu.org/mailman/listinfo/gnu-arch-users
GNU arch home page:
http://savannah.gnu.org/projects/gnu-arch/
