Le quintidi 5 ventôse, an CCXXIV, Thomas Schmitt a écrit : > The ISO checksums are provided more for transport verification than > for the fight against intentional mainpulation. If that were true, CRC32 would be enough. > Signing the hash lists by PGP still seems a bit weak as protection. Signing hashes will get you a spanking from any cryptographer. Cryptographic signatures must be applied on the file itself; it works internally by signing a hash of the file, but the hash is done in a way that prevents most attacks even with weak hashes. Regards, -- Nicolas George
Attachment:
signature.asc
Description: Digital signature