[Mac_crypto] Apple should use SHA! (or stronger) to authenticate software releases
Anton Stiglic
astiglic at okiok.com
Tue Apr 6 09:40:52 EDT 2004
> > But if you are given the choice between using MD5 and SHA1, I'd prefer
> > SHA1, but I wouldn't be concerned with someone using MD5 isntead of SHA1
> > for the time being. In other words, if I were to do a risk analysis, I
would
> > identify
> > the use of MD5 instead of SHA1 as one of the major risks.
> >
>
> "were" or "were not"?
I wanted to write "I would *not* identify the use of MD5 instead of SHA1 as
one
of the major risks". In other words, using MD5 instead of SHA1 would be low
risk
compared to the other threats that exist.
Sorry, the mistake changes to whole sense of the phrase.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list