Re: PGP signing releases

From: Kurt Roeckx <Q(at)ping(dot)be>
To: Greg Copeland <greg(at)CopelandConsulting(dot)Net>
Cc: Rod Taylor <rbt(at)rbt(dot)ca>, Curt Sampson <cjs(at)cynic(dot)net>, "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>, Neil Conway <neilc(at)samurai(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PGP signing releases
Date: 2003-02-04 22:13:47
Message-ID: 20030204221346.GA809@ping.be
Lists: pgsql-hackers

On Tue, Feb 04, 2003 at 02:04:01PM -0600, Greg Copeland wrote:
>
> Even improperly used, digital signatures should never be worse than
> simple checksums. Having said that, anyone that is trusting checksums
> as a form of authenticity validation is begging for trouble.

Should I point out that a "fingerprint" is nothing more than a
hash?

> Checksums are not, in of themselves, a security mechanism.

So a fingerprint and all the hash/digest functions have no purpose
at all?

> There really isn't any comparison here.

I didn't say you could compare the security offered by both of
them. All I said was that md5 also makes sense from a security
point of view.

Should I also point out that md5 really isn't a "checksum",
it's a digest or hash? I have to agree that a real checksum,
where you just add all the bytes, offers no protection.

Kurt
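The distinction Kurt draws between an additive checksum and a digest can be shown concretely. The following is an added example, not code from the thread or from the PostgreSQL project: it implements the "just add all the bytes" checksum, a cryptographic digest (SHA-256 is used in place of the MD5 discussed in 2003, since MD5 is no longer collision-resistant), and a release-verification helper, then feeds them two constructed tamperings of a constructed file. The file contents, the `verify_release` function and the variable names are all assumptions made for the example.

```python
import hashlib


def byte_sum_checksum(data: bytes) -> int:
    """The 'real checksum' of the thread: just add all the bytes (mod 2**32)."""
    return sum(data) % (1 << 32)


def sha256_digest(data: bytes) -> str:
    """A cryptographic digest. Stands in for the thread's MD5; any change to the
    input changes the output in a way an attacker cannot cheaply compensate for."""
    return hashlib.sha256(data).hexdigest()


def verify_release(data: bytes, published_digest: str) -> bool:
    """Compare a downloaded file against a digest obtained separately (e.g. from a
    signed announcement or an out-of-band fingerprint). The digest proves the bytes
    are intact; whether that proves authenticity depends entirely on how
    published_digest itself was obtained, which is the thread's real disagreement."""
    return hashlib.sha256(data).hexdigest() == published_digest.lower()


# Constructed sample release contents (not real PostgreSQL files).
ORIGINAL = b"VERSION=7.3.2\nBUILD=release\n"

# Same bytes in a different order: an additive checksum cannot tell them apart.
REORDERED = b"VERSION=7.2.3\nBUILD=release\n"

# Two compensating edits (+1 on one byte, -1 on another) also leave the sum unchanged.
_buf = bytearray(ORIGINAL)
_buf[8] += 1   # '7' -> '8'
_buf[10] -= 1  # '3' -> '2'
COMPENSATED = bytes(_buf)


def checksum_detects(original: bytes, modified: bytes) -> bool:
    """True if the additive checksum distinguishes the two inputs."""
    return byte_sum_checksum(original) != byte_sum_checksum(modified)


def digest_detects(original: bytes, modified: bytes) -> bool:
    """True if the SHA-256 digest distinguishes the two inputs."""
    return sha256_digest(original) != sha256_digest(modified)


if __name__ == "__main__":
    for name, variant in (("reordered", REORDERED), ("compensated", COMPENSATED)):
        print(f"{name}: checksum differs={checksum_detects(ORIGINAL, variant)}, "
              f"sha256 differs={digest_detects(ORIGINAL, variant)}")
    print("verify original:", verify_release(ORIGINAL, sha256_digest(ORIGINAL)))
    print("verify reordered:", verify_release(REORDERED, sha256_digest(ORIGINAL)))
```

Both tampered variants pass the additive checksum and fail the digest, which is the sense in which a digest "makes sense from a security point of view" while a byte sum does not. Note what the digest does not do: if the published digest travels over the same channel as the file, whoever replaces the file can republish a matching digest, so the digest only carries authenticity when its own source is trusted, which is what a signature or an out-of-band fingerprint supplies.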
