But the hash is part of the file - the hash can simply be recalculated and replaced and without being signed, the file cannot be known if it's intact.
----- Original Message ----- From: "Dave Gomboc" <[email protected]> To: <[email protected]> Sent: Tuesday, July 07, 2009 11:01 PM Subject: Re: [hlcoders] Access reception to hlcoders forum > > >> Checksums really don't provide security against tampering, as they are >> too easy to manufacture. They're more often used to detect casual >> corruption errors like those that could be introduced during network >> transmission. >> >> --Bob >> > > I'm not sure what your definition of "easy to manufacture" is, but I'm not > aware that the frequently-used SHA-1 would qualify as such. Finding a > collision has been proven to be possible faster than via brute force > attack, > but I would think that doing so with contrived data that must also serve > as > a working substitute for the original data would still be pretty difficult > (as of July 2009, anyway). Also, there's better checksums than SHA-1 that > could be used in its stead. > > Dave > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlcoders > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders
