-----BEGIN PGP SIGNED MESSAGE-----
Moin,
On Sunday 28 August 2005 02:57, Erik Zachte wrote:
Zipping is only done as a quick way to determine
download was
succesful, without need for md5sum.
I think this is silly. The 32 bit CRC used in ZIP is even weaker than MD5.
Zipping the files puts a burden on the generator (takes time) and the user
(takes time, space) and in this case actually increases the download.
Plus the determination whether the download was successfull needs to be
done without ZIP or MD5sum, anyway, because these could be easily forged.
Digitally sign the files, and put up instruction on how to verify the
signature. (I wonder why nobody wrote a firefox extension that
automatically looks for .asc files, hunts down the key and verifies the
download after completion..hmmm...)
Best wishes,
Tels
- --
Signed on Sun Aug 28 10:23:13 2005 with key 0x93B84C15.
Visit my photo gallery at
http://bloodgate.com/photos/
PGP key on
http://bloodgate.com/tels.asc or per email.
"Duke Nukem Forever will come out before Doom 3." - George Broussard,
2002 (
http://tinyurl.com/6m8nh)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iQEVAwUBQxF1U3cLPEOTuEwVAQF1Nwf+NX2847Eojo3PfQ6RRUwQHQyJYc2qkVuc
wpABmKM/oGZBurfqS/hn+Df7vXSU/jdMKxrVlyhN9vPzWVZ40Mh/S8Za5T6rbRHh
kbLi0gz9kyi6gmlLi79qE7spmOpC8YfJR9fM9JhzPKS7fqv54JfZxZl5I+ECI+Sc
sSsVRy4wRAEI4EHVq8+gp7FkcC7Oxi1T07FBGEP/GAsyCT5rpFe55HAHwwSXP7gb
QiI1Bm5T/QADxOCptznBUTfLM6vk/04zHCHAPpwwwMXeT1d+eLpkVfqFxx6UTkDa
vfjly1kPKeKRO1eY0fSCyuT9S9VkGVciuVc76gMm2Sm7LzjPjce/7w==
=BhG3
-----END PGP SIGNATURE-----