Ask Slashdot: Cryptography and Digital Signatures

Jonathan Squire writes in with questions concerning encryption. He writes: '...is it considered "secure" to generate an MD5 of a passphrase and then use the MD5 hash as the key to an RC4 cypher of a message/file that you want to send to someone? What are the implications of sending some alternative file with the same pass phrase used if someone who does not know the pass phrase is able to obtain both of the cyphertexts? What if they obtain both cyphertexts and one clear text, how hard would it be (computationaly/finacially) for them to derive the passphrase that was used?' There's more! Click the link below...

...continued...

Here are the rest of Jonathan's questions:

"Which hash functions are considered more secure/better SHA-1 , MD5, something else?

What are the diffrences between RC2, RC4, RC5... RC6, DES, etc?

Exactly what needs to be done to implement a digital signature? (procedurally) Do you start off making an MD5 (or some other hash) of the message append it to the message and then encrypt the message? Are ther more steps in between?"

Sounds like he needs a good book on encryption, but can print keep up with the rapid pace of encryption technology today? Does anyone know of a resource that does?