Michael Skiba wrote:
> ...sure it'll be possible to have two files with the same,
> the point is, that it is almost impossible to make use of it to attack
> something, since the file with the same md5sum must be valid and
> contains the destructive code and this will be rather difficult.
Right. On the other hand, if someone has access to the web server to plant their malicious files, they also have access to the files that hold the checksums. So in practice checksums are good protection against files corrupted in transit, but rather weak protection against malicious modifications. To check for that, you'd use PGP and get the public key from a keyserver or some other source, *not* from the webserver you downloaded the file from.
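The trust model described in this message, as an added example that is not part of the original post: it compares a checksum stored next to the download with a signature checked against a key obtained from the server versus one obtained out of band. Textbook RSA with constructed toy keys stands in for PGP here (illustration only, not secure), and all function and variable names are hypothetical.

```python
import hashlib

E = 65537

def toy_keypair(p, q):
    """Textbook RSA from two primes: returns (public, private). Demo only, NOT secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _h(data, n):
    # SHA-256 of the data, reduced into the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(_h(data, n), d, n)

def signature_ok(data, sig, public):
    n, e = public
    return pow(sig, e, n) == _h(data, n)

def publish(data, private, public):
    """Everything a download server holds for one release."""
    return {"file": data, "md5": hashlib.md5(data).hexdigest(),
            "sig": sign(data, private), "key": public}

def check(download, trusted_key):
    """The three checks a downloader could run on what the server handed out."""
    f, sig = download["file"], download["sig"]
    return {"md5": hashlib.md5(f).hexdigest() == download["md5"],
            "sig_key_from_server": signature_ok(f, sig, download["key"]),
            "sig_key_out_of_band": signature_ok(f, sig, trusted_key)}

# Constructed keys (built from Mersenne primes) and constructed release contents.
MAINT_PUB, MAINT_PRIV = toy_keypair(2**127 - 1, 2**107 - 1)
OTHER_PUB, OTHER_PRIV = toy_keypair(2**89 - 1, 2**61 - 1)
server = publish(b"release-1.0 contents", MAINT_PRIV, MAINT_PUB)

# Case 1: corruption in transit changes the file only.
corrupted = dict(server, file=b"release-1.0 c\x00ntents")
# Case 2: someone with write access to the server replaces everything stored
# there (file, checksum, signature, key) but does not hold the maintainer's key.
replaced = publish(b"modified contents", OTHER_PRIV, OTHER_PUB)

if __name__ == "__main__":
    for name, d in [("clean", server), ("corrupted", corrupted), ("replaced", replaced)]:
        print(name, check(d, MAINT_PUB))
```

Only the check against the key obtained independently of the server tells the replaced release apart from the clean one.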