On Tue, Feb 04, 2003 at 02:04:01PM -0600, Greg Copeland wrote:
>
> Even improperly used, digital signatures should never be worse than
> simple checksums. Having said that, anyone that is trusting checksums
> as a form of authenticity validation is begging for trouble.
Should I point out that a "fingerprint" is nothing more than a
hash?
> Checksums are not, in and of themselves, a security mechanism.
So a fingerprint and all the hash/digest functions have no purpose
at all?
> There really isn't any comparison here.
I didn't say you could compare the security offered by both of
them. All I said was that md5 also makes sense from a security
point of view.
Should I also point out that md5 really isn't a "checksum",
it's a digest or hash. I have to agree that a real checksum,
where you just add all the bytes, offers no protection.
Kurt
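
The distinction argued in this thread, as an added example that is not part of the original messages: a byte-sum checksum, an MD5 digest, and a keyed tag compared on the same modified file. HMAC-SHA256 stands in for a digital signature here (an assumption, since Python's standard library has no signature scheme), and the sample data, key and function names are constructed for illustration.

```python
import hashlib
import hmac

def additive_checksum(data: bytes) -> int:
    """The 'real checksum' from the thread: just add all the bytes."""
    return sum(data) & 0xFFFFFFFF

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def compensate(data: bytes, i: int, j: int) -> bytes:
    """Alter two bytes (+1 at i, -1 at j) so the byte sum is unchanged."""
    out = bytearray(data)
    out[i] += 1
    out[j] -= 1
    return bytes(out)

def make_tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(make_tag(key, data), tag)

# Constructed sample data and key (illustration only).
ORIGINAL = b"install-prefix=/usr/local\n"
MODIFIED = compensate(ORIGINAL, 0, 1)
KEY = b"constructed-demo-key"

def compare() -> dict:
    trusted_md5 = md5_hex(ORIGINAL)        # digest obtained out of band
    same_place_md5 = md5_hex(MODIFIED)     # digest stored beside the file
    tag = make_tag(KEY, ORIGINAL)          # made by the key holder only
    return {
        # The byte sum does not notice the change at all.
        "sum_detects": additive_checksum(ORIGINAL) != additive_checksum(MODIFIED),
        # The digest notices it, provided the reference digest is trusted.
        "md5_detects": md5_hex(MODIFIED) != trusted_md5,
        # A digest replaced together with the file still "verifies".
        "md5_beside_file_detects": md5_hex(MODIFIED) != same_place_md5,
        # A keyed tag cannot be recomputed without the key.
        "tag_detects": not verify_tag(KEY, MODIFIED, tag),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The digest only helps when the reference value arrives over a channel the file's distributor does not control; the keyed tag moves that trust into the key.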