* Steffen Schulz:

> If for whatever reason people get untrustworthy, it would be nice to
> know as soon as possible, no? Government, Money, ..

Well, in this case, you're barking up the wrong tree. What you really want is some kind of audit trail, which might increase confidence in the integrity of the package creation process. A chain of cryptographic hashes which is put in place at the very end of that process is *not* an audit trail. It only secures distribution across the mirror network, and MD5 is currently good enough for that. Using SHA-384 for this purpose might even give a wrong sense of security.

> And again, this is just one attack vector. To check the impact and
> list the mitigating factors sure is good for employment. Security
> design is something else.

Security design is mostly about risk analysis. If you built security in from the start, it's unlikely your system will ever make it to the point where you see actual attacks (which means, in most systems: fraud).

