May I ask how razor-check sends the signature to the server? ie. under which protocol. The reason why I am asking is that I would want to know if the signature will be sent to the server securely.
I don't know the details of the protocol, but secure transmission doesn't matter in this case: The signature isn't going to contain anything useful from the email message. It's not a matter of encryption, it's that the information just isn't there anymore.
Are you familiar with MD5 sums? Razor works on a similar concept: Take a large amount of data (say, a program installer, a video file, or in this case, an email message), run a bunch of computations on it, and come up with a short string that looks something like: adshf87hdf98n32rkusdfh78fkjsdaf89fwa4nsdajhfas77fw. The computations are designed so that the same message will always get you the same signature, and different messages are *extremely* unlikely to result in the same signature. This technique is frequently used to verify downloads of large files (generate the signature on one side, then generate it again after you download it, and see if they match) - but you still have to download the entire file, you can't get it - or even part of it - from the signature.
Kelson Vibber
SpeedGate Communications <www.speed.net>
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Razor-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/razor-users
