On Tue, 2003-02-04 at 16:13, Kurt Roeckx wrote: > On Tue, Feb 04, 2003 at 02:04:01PM -0600, Greg Copeland wrote: > > > > Even improperly used, digital signatures should never be worse than > > simple checksums. Having said that, anyone that is trusting checksums > > as a form of authenticity validation is begging for trouble. > > Should I point out that a "fingerprint" is nothing more than a > hash?
Since someone already mentioned MD5 checksums of tar files versus PGP key fingerprints, perhaps things will become a bit clearer here if I point out that the important point is not that these are both hashes of some data, but that the time and means of acquisition of that hash are entirely different between the two. cjs -- Curt Sampson <[EMAIL PROTECTED]> +81 90 7737 2974 http://www.netbsd.org Don't you know, in this new Dark Age, we're all light. --XTC ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]