[Mac_crypto] Apple should use SHA! (or stronger) to
authenticate software releases
R. A. Hettinga
mac_crypto@vmeng.com
Tue, 6 Apr 2004 19:14:18 -0400
--- begin forwarded text
Delivered-To: cryptography@metzdowd.com
From: "Anton Stiglic" <astiglic@okiok.com>
To: "Thomas Harold" <tgh@tgharold.com>, <cryptography@metzdowd.com>
Subject: Re: [Mac_crypto] Apple should use SHA! (or stronger) to
authenticate software releases
Date: Tue, 6 Apr 2004 09:40:52 -0400
Organization: Okiok Lts
Sender: owner-cryptography@metzdowd.com
> > But if you are given the choice between using MD5 and SHA1, I'd prefer
> > SHA1, but I wouldn't be concerned with someone using MD5 isntead of SHA1
> > for the time being. In other words, if I were to do a risk analysis, I
would
> > identify
> > the use of MD5 instead of SHA1 as one of the major risks.
> >
>
> "were" or "were not"?
I wanted to write "I would *not* identify the use of MD5 instead of SHA1 as
one
of the major risks". In other words, using MD5 instead of SHA1 would be low
risk
compared to the other threats that exist.
Sorry, the mistake changes to whole sense of the phrase.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'