PlayStation 3 predicts next US president
William Allen Simpson
william.allen.simpson at gmail.com
Sat Dec 1 22:57:58 EST 2007
James A. Donald wrote:
> So the certifier is going to go through each thing he
> certifies, to make sure there is nothing funny about it?
Yes.
> The whole point of MD5 is to automate that stuff. If an
> actual human has to go through it, and understand what
> it means, and certify the *meaning* then there is no
> reason to take an MD5 hash.
>
Apparently, you never read the original rationale for MD5. It
still does what it was intended to do....
> If it is a certifier, these are not "its" documents.
>
If it is a certifier, it damn well better be its own documents!
Look at the original message:
This implies a vulnerability in software integrity protection
and code signing schemes that still use MD5.
Anybody that's "certifying" software and code that they didn't
personally generate and vet is selling snake oil.
Trust is *not* transitive! Neither is reputation.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list