[11414] in cryptography@c2.net mail archive
Re: md5 for bootstrap checksum of md5 implementations? (Re: [ANNOUNCE] OpenSSL 0.9.6f released)
daemon@ATHENA.MIT.EDU (Barney Wolff)
Fri Aug 9 14:21:01 2002
Date: Fri, 9 Aug 2002 13:23:07 -0400
From: Barney Wolff <barney@tp.databus.com>
To: cryptography@wasabisystems.com
In-Reply-To: <20020809170849.A640855@exeter.ac.uk>
C for md5 with a driver and test results is in RFC 1321, which is
available in so many public places that it's impossible to trojan.
Of course you need a compiler you trust, as Ken pointed out so long ago.
If I were that paranoid I'd rather trust a C compiler than Perl -
at least I can inspect the (staticly linked) executable produced.
Does anybody offer a public MD5 web service? Though if your omnipotent
attacker sits between you and the world, this does no good.
> > Is there another md5/hash program that's readily available?
> > Cf: Thompson's reflections on trusting trust.
--
Barney Wolff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
