[vlc-devel] commit: Add a comment about RIPEMD/160 ( Rafaël Carré )
git version control
git at videolan.org
Sun May 18 15:23:21 CEST 2008
vlc | branch: master | Rafaël Carré <funman at videolan.org> | Sun May 18 15:24:52 2008 +0200| [597e23cadf0ad4c2ae4e0a0584a1f5307447f866]
Add a comment about RIPEMD/160
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=597e23cadf0ad4c2ae4e0a0584a1f5307447f866
---
include/vlc_update.h | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/include/vlc_update.h b/include/vlc_update.h
index 2bf5318..a32c474 100644
--- a/include/vlc_update.h
+++ b/include/vlc_update.h
@@ -44,6 +44,10 @@
/*
* XXX
* When PGP-signing a file, we only sign a SHA-1 hash of this file
+ * The DSA key size requires that we use an algorithm which produce
+ * a 160 bits long hash
+ * An alternative is RIPEMD160 , which you can use by giving the option
+ * --digest-algo RIPEMD160 to GnuPG
*
* As soon as SHA-1 is broken, this method is not secure anymore, because an
* attacker could generate a file with the same SHA-1 hash.
More information about the vlc-devel
mailing list