On Mon, Feb 07, 2005 at 06:32:12PM +0200, Ognyan Kulev wrote: > Another thing he doesn't like is that check is based on signed MD5 hash of > content instead of based on signed content. Is it true that signed MD5 is > weaker than signed content? assymetric crypto ops are very slow, so you wouldn't want to do them on the whole content (signature would be the same order of size as teh content too..). so you always sign a message digest. you would want to choose a better one than md5 though (sha1 for example), but that's a trivial change cu robert -- Robert Lemmen http://www.semistable.com
Attachment:
signature.asc
Description: Digital signature