I wrote:
> I think there are some good reasons to keep hashes such as MD5 or
> SHA-1 external to files they are intended to check, rather than
> embedded in the files:
>
> - If the digest is external, then something that corrupts the file
> might also corrupt the digest.
which makes no sense. What I meant to say was
- If the hash is embedded in the file and doesn't agree with the
file contents, it's not clear whether the file or the hash or both
were corrupted.
This is fairly minor, since a mismatch would tell you not to trust the
data in any case. But I still think keeping the hash separate from
the original file makes it easier to compute.
--Russ