On Sunday 22 February 2004 08:20 pm, Simon Fredriksson wrote: > I wonder if it's possible to write the MD5 or CRC checksum of my > scriptfile to the scriptfile. I know that if I change it, the value will > change, but is there any way to calculate what it will be?
What you would have to do is find a collision, which is thankfully difficult to do- if it were easy, MD5 would be useless. Theoretically, you could modify say John The Ripper and have it brute force something, but you may end up waiting a few lifetimes :) > > Not just displaying it for the user, but actually having it written in > the file. Could be pretty usefull when distributing scripts. No worries > about losing the md5-file or sfv, etc. I'd recommend PGP/GPG signing instead- anyone can create a valid MD5 checksum, but only you can cryptographically sign your files (theoretically- if someone else can, you've got serious problems) Everyone seems happy enough with detached signatures. Also, you could use the OpenPGP specification to do what you want, just like when you send a PGP-signed e-mail the signature and the message are all in a single container. You may have to hack GPG a bit (not as difficult as you'd think) to have the PGP stuff in PHP comments, but i think you could do it... Sorry, I'm rambling. > > Just some thoughts. > > //Simon -- Evan Nemerson [EMAIL PROTECTED] http://coeusgroup.com/en -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
