On Sun, Dec 01, 2002 at 11:22:09PM -0500, Perry E. Metzger wrote:
> 
> Bang Jun-Young <junyoung@netbsd.org> writes:
> > > In that case, what is the point of using an MD5 checksum?  A random number
> > > of the same length would serve equally well.
> > 
> > Since MD5 checksum is known to have very good distribution (i.e. a lot less
> > hash collision), it's the safest method to check for validity of the file.
> 
> No. Thor is absolutely correct. There is no advantage to an MD5
> checksum of the file over any random function yielding 128 bits if you
> do not check the hash later on. There is no need for a hash.

Ok, I'll ask a stupid question: 

If the unique identifier for the executable (and libraries?) is generated
at prebind time (or link time) then the time required to generated
this ID should be small but isn't a critical issue. Why does it matter
if the ID is generated with MD5 or CRC or pid_uid_time or whatever?
-- 
Kevin P. Neal                                http://www.pobox.com/~kpn/
      'Concerns about "rights" and "ownership" of domains are inappropriate.  
 It is appropriate to be concerned about "responsibilities" and "service" 
 to the community.' -- RFC 1591, page 4: March 1994