On Tue, 2003-02-04 at 16:13, Kurt Roeckx wrote:
> On Tue, Feb 04, 2003 at 02:04:01PM -0600, Greg Copeland wrote:
> >
> > Even improperly used, digital signatures should never be worse than
> > simple checksums.  Having said that, anyone that is trusting checksums
> > as a form of authenticity validation is begging for trouble.
> Should I point out that a "fingerprint" is nothing more than a
> hash?

Since someone already mentioned MD5 checksums of tar files versus PGP
key fingerprints, perhaps things will become a bit clearer here if I
point out that the important point is not that these are both hashes of
some data, but that the time and means of acquisition of that hash are
entirely different between the two.

Curt Sampson  <[EMAIL PROTECTED]>   +81 90 7737 2974   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Reply via email to