PlayStation 3 predicts next US president

William Allen Simpson william.allen.simpson at
Sat Dec 1 22:57:58 EST 2007

James A. Donald wrote:
> So the certifier is going to go through each thing he
> certifies, to make sure there is nothing funny about it?


> The whole point of MD5 is to automate that stuff.  If an
> actual human has to go through it, and understand what
> it means, and certify the *meaning* then there is no
> reason to take an MD5 hash.
Apparently, you never read the original rationale for MD5.  It
still does what it was intended to do....

> If it is a certifier, these are not "its" documents.
If it is a certifier, it damn well better be its own documents!

Look at the original message:

   This implies a vulnerability in software integrity protection
   and code signing schemes that still use MD5.

Anybody that's "certifying" software and code that they didn't
personally generate and vet is selling snake oil.

Trust is *not* transitive!  Neither is reputation.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list