Benjamin Schulz schrieb:
imagine that a package, which is provided on a server, is manipulated (trojan). there would be no problem for the bad guy to manipulate the md5sum, too (if provided on the same server). he just has to build it from the new package (trojan) and then replace the old one with the new.how can i proof, that the package is ok? md5sum is not satisfactory.why not?
signatures of files can not be as easily manipulated as md5sums. therefore you need to have the secret key and passphrase to sign the new package.
Thanx to everybody for your hints.
Greetings,
Fred
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
