[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signing ascii text

To: [email protected] (Eric Messick)
Subject: Re: Signing ascii text
From: [email protected] (Stephen D. Williams)
Date: Thu, 24 Dec 1992 09:03:33 -0500 (EST)
Cc: [email protected]
In-Reply-To: <[email protected]> from "Eric Messick" at Dec 23, 92 03:03:39 pm

...
> 
> The important part here is that the collapsing of whitespace would
> only affect the message digest, not the text as seen by the user.  Two
> texts which read the same, but differ in whitespace, would have the
> same signature.  If you recieved both files, you could see the
> difference in spacing, yet the same signature would be valid for both
> files.  The main vulnerability is that a message whose meaning is
> partially encoded it its whitespace (like an ascii graphic, map, or
> chart) could have its meaning altered, without affecting the validity
> of the signature.  Clearly one would not want to use this signature
> method on such texts.  It would be a good feature for the signature
> algorithm to warn the user if it detects a pattern of whitespace that
> might convey information.  I am not sure how to detect this reliably,
> though.

How about two signatures, verbatim and space-collapsed.

That way if the latter was valid but the former was not, you would
know that spacing was altered but other info remained valid.

sdw

Follow-Ups:
- Signing ascii text
  - From: Bill Sommerfeld <[email protected]>

References:
- Re: Signing ascii text
  - From: Eric Messick <[email protected]>

Prev by Date: Belated holiday travel
Next by Date: Interview with Tim May on WFMU
Prev by thread: Re: Signing ascii text
Next by thread: Signing ascii text
Index(es):
- Date
- Thread