Can I see the checksum when I sign/verify a file?

[David Shaw]

On Thu, May 04, 2006 at 09:34:55AM -0600, Phil Helms wrote:
> Why not use MD5?

http://cryptography.hyperlink.cz/MD5_collisions.html

MD5 is deprecated in OpenPGP.  The current OpenPGP draft says:

      * The MD5 hash algorithm has been found to have weaknesses, with
        collisions found in a number of cases. MD5 is deprecated for
	use in OpenPGP. Implementations MUST NOT generate new signatures
        using MD5 as a hash function. They MAY continue to consider
	old signatures that used MD5 as valid.

David