...

As to weaknesses, I seem to remember that someone managed to forge a modification to a program used to observe networks on a Sun so that it had the same MD5 checksum as the official trusted version. But whether this is real is not strictly the issue.

There was a program that forged CRC checksums that came out a couple years back, letting you create a Trojan Horse and modify it to match Unix "sum" checksums by adding junk to the end. I'd be extremely surprised if anyone did this with MD5; CRCs are invertable, and generally short enough to brute-force as well. #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #---