Filename for digests

Oskar L. oskar at
Sun Aug 21 23:25:50 CEST 2005

> On Sat, Jul 23, 2005 at 03:33:53AM +0000, Oskar L. wrote:
>> > Red Hat and others use a filename of "MD5SUM", which is a clearsigned
>> > file containing the human readable MD5 hashes.  I like your CHECKSUMS
>> > idea better since MD5 isn't the way to go any longer.
>> Naming a file containing hashes CHECKSUMS would not be a good idea,
>> since
>> a hash is not the same as a checksum.
> Sure they are.  Or rather, a hash makes a very effective checksum, and
> that's how we're talking about using them, as a redundancy check.
> Where do you think the "sum" from md5sum/sha1sum/etc comes from?
> David

I'm afraid I have to disagree. From Wikipedia:

"Simple redundancy checks are known as checksums. They include parity
bits, check digits, and longitudinal redundancy check. Other types of
redundancy check include cyclic redundancy check, horizontal redundancy
check, vertical redundancy check, and cryptographic message digest."

"Checksums and Cyclic redundancy checks (CRCs) are quite distinct from
cryptographic hash functions, and are used for different applications. If
used for security, they are vulnerable to attack; for example, a CRC was
used for message integrity in the WEP encryption standard, but an attack
was readily discovered which exploited the linearity of the checksum

Wikipedia: Redundancy check

Wikipedia: Checksum

Wikipedia: Hash function

Wikipedia: Cryptographic hash function


More information about the Gnupg-users mailing list