[Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases

R. A. Hettinga rah at shipwright.com
Mon Apr 5 13:37:55 EDT 2004


--- begin forwarded text


To: mac_crypto at vmeng.com
From: Vinnie Moscaritolo <vinnie at vmeng.com>
Subject: Re: [Mac_crypto] Apple should use SHA! (or stronger) to
 authenticate software  releases
Sender: mac_crypto-admin at vmeng.com
Reply-To: mac_crypto at vmeng.com
List-Id: Macintosh Cryptography <mac_crypto.vmeng.com>
Date: Mon, 5 Apr 2004 08:10:26 -0800

one more thing for all it's worth.. MD5 is not a FIPS-140-2 approved
algorithm.
http://csrc.nist.gov/cryptval/
This would technically prevent OS X from being used in any Federal or
Mil environment. Apple will eventually have to address this concern.


At 6:17 AM -0500 4/4/04, Arnold G. Reinhold wrote:
>The cryptographic hash function MD5 has long been used to
>authenticate software packages, particularly in the Linux/Unix/open
>source community. This has carried over to Apple's OS-X. The MD5
>hash of an entire package is calculated and its value is transmitted
>separately from the package. Users who download the package compute
>the hash of the copy they received and match that value against the
>original.

-- 
Vinnie Moscaritolo  ITCB-IMSH
PGP: 3F903472C3AF622D5D918D9BD8B100090B3EF042
-------------------------------------------------------

"When the pin is pulled, Mr. Grenade is not our friend."
				 - USMC training bulletin.

_______________________________________________
mac_crypto mailing list
mac_crypto at vmeng.com
http://www.vmeng.com/mailman/listinfo/mac_crypto

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
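
The check described in the quoted message (the downloader hashes the received copy and matches it against a separately transmitted value), as an added example that is not part of the original thread: it refuses an MD5 digest and accepts only SHA-2 values as the "or stronger" option. The `algorithm:hexdigest` format, the file name, the allow-list and the sample package bytes are assumptions constructed for this example.

```python
import hashlib
import hmac
import os
import tempfile

# Assumed policy for this example: digest algorithm -> expected hex length.
# MD5 is deliberately absent, as the thread argues it should be.
ALLOWED = {"sha256": 64, "sha384": 96, "sha512": 128}


def file_digest(path, algorithm, chunk_size=1 << 16):
    """Hash the file in chunks so large packages are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_release(path, published):
    """Check a package against 'algorithm:hexdigest' obtained out of band."""
    algorithm, _, expected = published.strip().lower().partition(":")
    if algorithm not in ALLOWED:
        raise ValueError("digest algorithm not accepted: %r" % algorithm)
    if len(expected) != ALLOWED[algorithm] or set(expected) - set("0123456789abcdef"):
        raise ValueError("malformed %s digest" % algorithm)
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(file_digest(path, algorithm), expected)


def demo():
    package = b"constructed sample package contents\n"  # constructed input
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "release.pkg")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(package)
        published = "sha256:" + hashlib.sha256(package).hexdigest()
        intact = verify_release(path, published)
        with open(path, "ab") as f:  # simulate a modified download
            f.write(b"extra bytes")
        modified = verify_release(path, published)
        try:
            verify_release(path, "md5:" + "0" * 32)
            md5_rejected = False
        except ValueError:
            md5_rejected = True
    return intact, modified, md5_rejected


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the channel that delivered the published value; a digest fetched from the same place as the package detects corruption, not substitution.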


