-----BEGIN PGP SIGNED MESSAGE-----
Moin,
On Sunday 28 August 2005 02:57, Erik Zachte wrote:
Zipping is only done as a quick way to determine download was succesful, without need for md5sum.
I think this is silly. The 32 bit CRC used in ZIP is even weaker than MD5.
Zipping the files puts a burden on the generator (takes time) and the user (takes time, space) and in this case actually increases the download.
Plus the determination whether the download was successfull needs to be done without ZIP or MD5sum, anyway, because these could be easily forged.
Digitally sign the files, and put up instruction on how to verify the signature. (I wonder why nobody wrote a firefox extension that automatically looks for .asc files, hunts down the key and verifies the download after completion..hmmm...)
Best wishes,
Tels
- -- Signed on Sun Aug 28 10:23:13 2005 with key 0x93B84C15. Visit my photo gallery at http://bloodgate.com/photos/ PGP key on http://bloodgate.com/tels.asc or per email.
"Duke Nukem Forever will come out before Doom 3." - George Broussard, 2002 (http://tinyurl.com/6m8nh)