>> MD5 "...was all but broken by a German cryptographer, Hans >>Dobbertin..."[1] in 1996 wrote PGP's creator and founder of PGP >>Corporation, Phil Zimmermann. His application used RSA's MD5 and has >>changed to using SHA-1, also openly published developed by the NSA for >>the NIST. I notice you use MD5 checksums on OOo downloads on your >>website and I recommend changing to SHA-1.
For the purpose of verifying an uncorrupted download, MD5 is fine. Since you're getting the MD5sum from a source you have already decided to trust (the download site), the only issue is whether what you downloaded is what was posted. If you want to be sure that what you got was what the author/creator created, then you need a signed file. Tony -- Anthony E. Greene <mailto:[EMAIL PROTECTED]> AOL/Yahoo Messenger: TonyG05 HomePage: <http://www.greene-family.org/tony/> OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D Linux. The choice of a GNU generation <http://www.linux.org/> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
