26 Apr
2007
26 Apr
'07
1:37 p.m.
"Chuck Guzis" wrote:
...
which would be used in legal actions. This was not a
case of
detecting errors; it was also a case of detecting attempts at
intentional manipulation.
It was amazing to hear the "experts" proclaim that if just discarded
the more involved (and harder to manipulate) scheme with a single SHA
or MD5 hash, the file would be virtually bullet proof from any
attempts at manipulation and be much simpler to work with.
Perhaps they where thinkings of a "signed" document, where the MD5
is encrypted with a private key...
but even if they were just talking about an MD5 hash, I think it would
be non-trivial to just add data to make the hash right. I'm not sure
you could do that with MD5, to be honest. hmmm... I'd claim an MD5
hash would pretty good, but should be protected also (via encryption).
(but I am not a crypto expert; hah. i can barely get out the door in the
morning)
-brad