[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: nmh 1.8?
|
From: |
Ken Hornstein |
|
Subject: |
Re: nmh 1.8? |
|
Date: |
Wed, 28 Dec 2022 13:33:30 -0500 |
>I would think that finding two plain text files with the same MD5
>that a mail message receiver finds an acceptable read is rather
>unlikely though. (Just generally speaking. CRUX Linux for
>example uses signify for package checksums, but still generates
>MD5 checksums as a fallback. CRC32 is also used still, but noone
>would claim it is secure.)
I don't doubt accidential collisions are unlikely even with MD5. But
it gets back to the core question ... what are you trying to accompish,
EXACTLY?
If you're the only one sending out Content-MD5 headers and no one
verifies them (the default in older versions of nmh was to neither
generate nor verify them), then you have no MD5 hashes to verify
on incoming emails, nor is anyone verifying the ones you send out.
So what, exactly, is the purpose of it?
If the cost of keeping it around was low I wouldn't care so much. But
the implementation was buried deeply in the MIME encoding and decoding
routines. The long-term cost was high. If there is something I am
missing about this, please, let me know!
--Ken
- nmh 1.8?, David Levine, 2022/12/26
- Re: nmh 1.8?, Ken Hornstein, 2022/12/26
- Re: nmh 1.8?, Ralph Corderoy, 2022/12/28
- Re: nmh 1.8?, Paul Fox, 2022/12/28
- Re: nmh 1.8?, Ralph Corderoy, 2022/12/31
- Re: nmh 1.8?, David Levine, 2022/12/31
- Re: nmh 1.8?, Ralph Corderoy, 2022/12/31
- Re: nmh 1.8?, Ken Hornstein, 2022/12/31
- Re: nmh 1.8?, Ken Hornstein, 2022/12/31
- Re: nmh 1.8?, Ken Hornstein, 2022/12/31
Re: nmh 1.8?, Kevin Cosgrove, 2022/12/31