Subject: Re: Verifying a kernel.
To: Tonnerre <tonnerre@thundrix.ch>
From: Gavan Fantom <gavan@coolfactor.org>
List: tech-kern
Date: 07/20/2005 14:58:14
Tonnerre wrote:
> Salut,
> 
>> The purpose Matt stated was essentially a read-verify.
> 
> Did you think about people who might get the idea to use it for a different
> purpose?

If those people think they're any more secure using SHA${BIGNUM} than 
with CRC32, they're sorely mistaken.

What makes you think it would be easier to construct a kernel which has 
the same checksum than to simply alter the checksum? It is, after all, 
stored in the same file.

I think it's entirely reasonable to allow any reasonable algorithm to be 
specified. If this is likely to cause any confusion about its intended 
purpose, write a sentence in the manpage stating that it does not 
protect against tampering.

Anybody willing to rely on security features that are *clearly 
documented* as providing no protection has bigger problems than kernel 
tampering.

-- 
Gillette - the best a man can forget
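As an added illustration of the point made above (this is example code written for this page, not anything from the thread or from the kernel in question), the script below builds a constructed "image" whose checksum is stored in the same file, in a made-up trailer layout of a 4-byte algorithm tag followed by the digest. A read-verify catches a flipped bit in both the CRC32 and the SHA-256 variant, but a modified payload with a rebuilt trailer verifies cleanly under either algorithm, because nothing in the file is outside the writer's control. The trailer format, the payload strings and the `demo` helper are all assumptions made for the example.

```python
import hashlib
import struct
import zlib

# Constructed sample layout: <payload><4-byte algorithm tag><digest>.
# The checksum lives in the same file as the data it covers, exactly the
# situation discussed in the thread.
ALGORITHMS = {
    b"CRC3": lambda data: struct.pack(">I", zlib.crc32(data) & 0xFFFFFFFF),
    b"S256": lambda data: hashlib.sha256(data).digest(),
}


def build_image(payload: bytes, algo: bytes) -> bytes:
    """Append an algorithm tag and the digest of payload, like an in-file checksum."""
    return payload + algo + ALGORITHMS[algo](payload)


def verify_image(image: bytes) -> bool:
    """Read-verify: recompute the digest over everything before the trailer
    and compare it with the stored digest. Returns False on mismatch or if
    no known trailer is present."""
    for tag, digest_fn in ALGORITHMS.items():
        digest_len = len(digest_fn(b""))
        trailer_len = len(tag) + digest_len
        if len(image) < trailer_len or image[-trailer_len:-digest_len] != tag:
            continue
        payload = image[:-trailer_len]
        return digest_fn(payload) == image[-digest_len:]
    return False


def corrupt_one_bit(image: bytes) -> bytes:
    """Accidental corruption: flip one bit of the payload and leave the
    stored checksum untouched. This is what a read-verify is meant to catch."""
    damaged = bytearray(image)
    damaged[0] ^= 0x01
    return bytes(damaged)


def demo(algo: bytes) -> dict:
    """Compare what the stored checksum does and does not detect for one algorithm.

    The 'tampered' image is simply a different payload with its trailer
    rebuilt by build_image: whoever can write the file can write the checksum.
    """
    original = build_image(b"constructed original kernel text", algo)
    corrupted = corrupt_one_bit(original)
    tampered = build_image(b"constructed modified kernel text", algo)
    return {
        "original_verifies": verify_image(original),
        "corruption_detected": not verify_image(corrupted),
        "tampering_detected": not verify_image(tampered),
    }


if __name__ == "__main__":
    for name in ALGORITHMS:
        print(name.decode(), demo(name))
```

Running it prints the same result for both algorithms: the original verifies, the bit flip is caught, and the rewritten image is not. Swapping CRC32 for a stronger hash changes the odds of an accidental collision, which is what a read-verify cares about, but not the outcome of the last row; that only changes when something the verifier trusts (a key or a signature) is kept outside the file being checked.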