--- "Holt, Albert" <Albert.Holtat_private> wrote: > There are a number of reasons why it is prudent to > calculate SHA-1 in > addition to md5. They can be used to some degree to > compare and validate > each other's results. And what if some morning it is > discovered that there > is a fatal flaw in md5, and that the results cannot > be trusted? You already > have Plan B. Commodity compute power is cheap, as is > storage for a bunch of > 128/160 bit outputs. > > al holt > NSIRC In general, I agree to holt. In addition, if you are going to present the finding as legal evidence. Most likely, you would be challenged to the point how to cross validate the file integrity that you are claiming by just using a single MD5 value. regards, Raymond. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 10:48:54 PST