On Tue, Oct 15, 2013 at 8:12 PM, Tony Arcieri <[email protected]> wrote:
>> While I'm not defending MD5 at all, can a forgery m' have the same size as
>> m?
>
> Yes.

That's a problem then... the verification line has the content length +
signature; easy to check if the content has been padded. But if one can
create a fake content with the same size and the same signature, the
fingerprint is meaningless.

> I didn't realize you were just calculating a key fingerprint. I don't see
> the point of doing that for Curve25519 keys, given their short length.

The key itself may be encrypted; there may also be metadata that is also
encrypted. The goal is to allow verification out of band that the entire
package wasn't replaced by a fraudulent version en-route.

-Pieter
_______________________________________________
zeromq-dev mailing list
[email protected]
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
