On Thu, Jun 23, 2005 at 02:01:09PM +0000, Brian J. Beesley wrote: > Umm. MD5 (and SHA-1) are looking dodgy these days - there are tools for > making files with matching hashes, and executable binaries tend to have > enough non-critical content (text strings etc) embedded in them to make a > matched hash rather less secure than you would think it should be. OK, better > than CRC32, but far from a secure safeguard.
Does it really matter? They aren't cryptographically signed anyhow. MD5/SHA1 (or rather, _any_ hash) without cryptographic signing or some other secure form of validation is good as a "better CRC", but not much else. /* Steinar */ -- Homepage: http://www.sesse.net/ _______________________________________________ Prime mailing list [email protected] http://hogranch.com/mailman/listinfo/prime
