Filename for digests
Oskar L.
oskar at rbgi.net
Sun Aug 21 23:25:50 CEST 2005
> On Sat, Jul 23, 2005 at 03:33:53AM +0000, Oskar L. wrote:
>> > Red Hat and others use a filename of "MD5SUM", which is a clearsigned
>> > file containing the human readable MD5 hashes. I like your CHECKSUMS
>> > idea better since MD5 isn't the way to go any longer.
>>
>> Naming a file containing hashes CHECKSUMS would not be a good idea,
>> since
>> a hash is not the same as a checksum.
>
> Sure they are. Or rather, a hash makes a very effective checksum, and
> that's how we're talking about using them, as a redundancy check.
> Where do you think the "sum" from md5sum/sha1sum/etc comes from?
>
> David
I'm afraid I have to disagree. From Wikipedia:
"Simple redundancy checks are known as checksums. They include parity
bits, check digits, and longitudinal redundancy check. Other types of
redundancy check include cyclic redundancy check, horizontal redundancy
check, vertical redundancy check, and cryptographic message digest."
"Checksums and Cyclic redundancy checks (CRCs) are quite distinct from
cryptographic hash functions, and are used for different applications. If
used for security, they are vulnerable to attack; for example, a CRC was
used for message integrity in the WEP encryption standard, but an attack
was readily discovered which exploited the linearity of the checksum
specified."
Wikipedia: Redundancy check
http://en.wikipedia.org/wiki/Redundancy_check
Wikipedia: Checksum
http://en.wikipedia.org/wiki/Checksum
Wikipedia: Hash function
http://en.wikipedia.org/wiki/Hash_function
Wikipedia: Cryptographic hash function
http://en.wikipedia.org/wiki/Cryptographic_hash_function
Oskar
More information about the Gnupg-users
mailing list