On 13 Mar 2001, at 0:53, Alex Kruppa wrote:
> > Actually, if George just got a signed PGP key, he could communicate
> > the CRC32 & MD5 checksums of the various files to us by signed email.
>
> First off, please dont use CRC32 for authenticating!
I was most certainly _not_ advocating use of CRC32 alone. In fact, at
the current state of the art, I think MD5 alone is "good enough", but
the effort of matching even CRC32 as well as MD5 should be enough to
satisfy even the most paranoid - and gives an extra "period of grace"
should MD5 be broken. As you say, SHA would be a better choice than
CRC32, but...
> With a PGP detatched siganture packed along with Prime95.exe
> (and one for each .dll of course), all you have to do is double-
> click on
> the .sig file, a PGP window pops up and shows a green light if the
> file
> is ok and a red light if it isn't - which is the way most users
> like it
> (that includes me, I like life simple, if possible..)
OK. Good idea.
> I dont think even most PGP users have a stand-alone md5 program. Most
> linux distributions come with md5sum, but I wouldnt know a Windows
> program off my head.
In the days when it was forbidden to export the US version of
Netscape because of the "strong" encryption content, there was a
program called Fortify which could be used to upgrade the
international version to use US domestic strength encryption. That
package contains a console utility which can be used calculate the
MD5 sum of any file. Check out http://www.fortify.net/
Any idea where I could get a freeware SHA checksum utility?
Regards
Brian Beesley
_________________________________________________________________________
Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm
Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers
