Your mostly right, but there are some slight things that are not correct in what you are saying. A CRC uses the contents of the text, message, what ever to generate what is called a checksum. A checksum is relatively insecure in that it can be fooled by altering certin portions of the message. The MD5 algorithm actually generates a hash, which is more secure than a checksum. In theory, altering any portion of the hashed contents would result in a different hash being generated. When gpg is used, a hash is also generated using a different algorithm, usually sha1. SHA1 is much more secure than the hash generated by the md5 algorithm. In fact, older versions of pgp use the md5 algorithm to sign things just as gpg and newer versions of pgp now use sha1. It is worth noting that md5 can also be used to generate checksums. Examples of this are programs such as md5sum. -- Joseph C. Lininger jbahm at pcdesk.net On Sun, 15 Feb 2004, Gregory Nowak wrote: > Someone please correct me if I'm wrong below. > > An md5sum is like a crc (cyclic redundancy check), which is basically > used to verify that the file transfered correctly. The md5 file is > generated by the author of whatever file you're checking the md5sum > of. Then, when you run the md5sum program, it generates the md5sum for > the file you downloaded, and then compares that md5sum to the one > found in the md5 file. I hope that makes sense. > > . On the other hand, > an asc signature is when a file is signed by gpg using your public > key, so that someone knows the file really came from you. > > Hth. > > Greg > > > On Sun, Feb 15, 2004 at 08:08:03PM -0500, Jes and guide dog Harley wrote: > > Speaking of md5 files, what is the difference between md5's versus .asc files? > > Jes > > > > > > _______________________________________________ > > Speakup mailing list > > Speakup at braille.uwo.ca > > http://speech.braille.uwo.ca/mailman/listinfo/speakup > >
