
-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, iang@cs.berkeley.edu writes:

<paranoia>
This isn't just an issue of making sure your copy wasn't munged in transit; without checksums, what's stopping netscape from embedding the info you provide in the binary before shipping it to you, so that if it shows up on hacktic, they know who did it?
</paranoia>

<img src="SarcasticGrin.jpg">

I trust Netscape, but I also cut the cards...

[18:02] 1 [d:\tmp]:sendai# md5sum -b ns_inst.exe
0f4de3e744ec4e356ba9f8feb3ded7ec *ns_inst.exe

[18:03] 1 [d:\tmp]:sendai# dir ns_inst.exe

 Volume in drive D is unlabeled      Serial number is 4362:1EF5
 Directory of  d:\tmp\ns_inst.exe

ns_inst.exe    3008531   7-16-96  20:24
     3,008,531 bytes in 1 file(s)         3,010,560 bytes allocated
    10,551,296 bytes free

Their file delivery CGI could use some work... no reason I can see to offer the filename 'pick.cgi' for everything. Anyone sniffing the link knows the filename from previous forms submissions, anyway.

OBRealCrypto: What's the best method for authenticating successive interactions with a CGI? Currently, the password is being passed clear as a hidden input field, but I have to believe there's a better way than that. One point is that the user will not be explicitly ending his session, but just wandering off to other pages.

- --
Roy M. Silvernail [ ] roy@scytale.com
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey@scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMe7F1hvikii9febJAQErowP+Kk+3RTSSeovzP6NcJquaM3DDwcVt4j1G
KkXlKAAkQ2wTtueMeGsq4XNHf7bzwVOe2oMlqYTYzT2MIHgEvqbizrm3usCXeWK6
5iX1uIXnI3DDBuvCIZGkJs10wFJ6BvhHu3OxAsTadx5CwIMG1wDsLyIqoOs2wyV3
A4Ze99/SmpQ=
=tjRf
-----END PGP SIGNATURE-----
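One common answer to the CGI question in the message above, as an added example that is not part of the original post or the poster's own code: check the password once, then put a server-signed, expiring token in the hidden field, so an abandoned session lapses without a logout. The names SERVER_KEY, SESSION_TTL, b64url, issue_token, verify_token and hidden_field, and the field name "session", are assumptions made for illustration.

```python
import base64, hashlib, hmac, os, time
from typing import Optional

# Assumption: a secret generated on the server and never sent to the browser.
SERVER_KEY = os.urandom(32)
SESSION_TTL = 15 * 60  # seconds; a user who wanders off simply times out


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, now: Optional[float] = None) -> str:
    """Called once, right after the password has been checked at login."""
    expires = int((time.time() if now is None else now) + SESSION_TTL)
    payload = f"{user}|{expires}".encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return f"{b64url(payload)}.{b64url(tag)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user name if the token is authentic and unexpired, else None."""
    try:
        p64, t64 = token.split(".")
        payload, tag = _unb64(p64), _unb64(t64)
        user, expires_text = payload.decode().rsplit("|", 1)
        expires = int(expires_text)
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token: wrong shape, bad base64, bad expiry
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # payload was altered or signed with another key
    if (time.time() if now is None else now) >= expires:
        return None  # session lapsed on its own
    return user


def hidden_field(token: str) -> str:
    """Each form carries the token forward instead of the password."""
    return f'<input type="hidden" name="session" value="{token}">'
```

Over an unencrypted link a sniffed token can still be replayed until it expires, so this limits what an eavesdropper gets to one short-lived session rather than the password; it does not replace encrypting the connection.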