Le quintidi 5 ventôse, an CCXXIV, Thomas Schmitt a écrit : > The ISO checksums are provided more for transport verification than > for the fight against intentional mainpulation.
If that were true, CRC32 would be enough. > Signing the hash lists by PGP still seems a bit weak as protection. Signing hashes will get you a spanking from any cryptographer. Cryptographic signatures must be applied on the file itself; it works internally by signing a hash of the file, but the hash is done in a way that prevents most attacks even with weak hashes. Regards, -- Nicolas George
signature.asc
Description: Digital signature
