On Sun, Feb 11, 2001 at 10:44:35AM +1100, Peter Eckersley wrote: > Perhaps you would be better off using SHA-1, which is regarded as a > more secure alternative. IIRC, there is a patent on SHA-1 which allows > for its use in, eg, free software (somebody correct me if this is > wrong?) OpenBSD includes a sha1 utility which works the same way as md5sum, so apparently sha1 is at the very least usable in Free Software... (everything in the OpenBSD /usr/ports collection has all three of md5, sha1 and ripe160 (or whatever its called) hashes saved for the upstream tarball that will be downloaded. all three are verified before the port is built. ) -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpP_qryQWwfv.pgp
Description: PGP signature