Loading ...
Sorry, an error occurred while loading the content.
 

Re: [rss-media] Re: Latest revision up...

Expand Messages
  • Lucas Gonze
    ... It s unlikely that the apps you re thinking of need anything but MD5, but there are plenty of other apps that would need a reliable hash, so the best
    Message 1 of 15 , Feb 28, 2005
      > On Sun, Feb 27, 2005 at 02:16:27AM -0000, daviddhall@... wrote:
      > > So, the only potential for harm is if you are wanting to download a
      > > file from an untrusted source, but you think the file is trustworthy
      > > based on some sort of md5 backtracking to a trusted site. (This of
      > > course is all in theory since none of this is working). So you
      > > download the file... you then have to run a md5 sum of the file to
      > > ensure it matches the md5 published by the trusted site. Here's where
      > > the potential for harm occurs. You think it's ok because the md5 was
      > > blessed by the trusted site.
      ...
      > > I just wonder if this is really something to be concerned about. I go
      > > back and forth because I see the beauty of keeping the same hash
      > > algo.

      It's unlikely that the apps you're thinking of need anything but MD5, but
      there are plenty of other apps that would need a reliable hash, so the
      best reason to allow other hash algos is that you want the spec to be
      useful for applications aside from Yahoo's.

      - Lucas
    Your message has been successfully submitted and would be delivered to recipients shortly.