> On Sat, Jul 23, 2005 at 03:33:53AM +0000, Oskar L. wrote: >> > Red Hat and others use a filename of "MD5SUM", which is a clearsigned >> > file containing the human readable MD5 hashes. I like your CHECKSUMS >> > idea better since MD5 isn't the way to go any longer. >> >> Naming a file containing hashes CHECKSUMS would not be a good idea, >> since >> a hash is not the same as a checksum. > > Sure they are. Or rather, a hash makes a very effective checksum, and > that's how we're talking about using them, as a redundancy check. > Where do you think the "sum" from md5sum/sha1sum/etc comes from? > > David
I'm afraid I have to disagree. From Wikipedia: "Simple redundancy checks are known as checksums. They include parity bits, check digits, and longitudinal redundancy check. Other types of redundancy check include cyclic redundancy check, horizontal redundancy check, vertical redundancy check, and cryptographic message digest." "Checksums and Cyclic redundancy checks (CRCs) are quite distinct from cryptographic hash functions, and are used for different applications. If used for security, they are vulnerable to attack; for example, a CRC was used for message integrity in the WEP encryption standard, but an attack was readily discovered which exploited the linearity of the checksum specified." Wikipedia: Redundancy check http://en.wikipedia.org/wiki/Redundancy_check Wikipedia: Checksum http://en.wikipedia.org/wiki/Checksum Wikipedia: Hash function http://en.wikipedia.org/wiki/Hash_function Wikipedia: Cryptographic hash function http://en.wikipedia.org/wiki/Cryptographic_hash_function Oskar _______________________________________________ Gnupg-users mailing list [EMAIL PROTECTED] http://lists.gnupg.org/mailman/listinfo/gnupg-users
