
Re: Signing pictures -- how hard, how long?



Alan (Miburi-san) Wexelblat <[email protected]> said:
> The problem with bit-rot is a more significant one.  In this case you might
> want to compute your hash not over every bit of the image, but over the
> "significant" ones.  That way if you lose low-order bits that no one cares
> about your signature is still valid.

If your signature does not include the low order bits of your image,
then someone could embed a secret message in those low order bits
(via Romana Machado's "Stego," for example) and your signature still
would be valid.  I wouldn't want my signature over someone else's
steganized message.

I'm sure there's a simple fix for that, such as ensuring enough bit rot
to blow away any but the most error-tolerant steganography or including
a disclaimer of responsibility for the low-order bits, but I couldn't
resist pointing it out.

                              Kevin Q. Brown
                              INTERNET    [email protected]
                                 or       [email protected]
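
The gap described in this message, as an added example that is not part of the original post: a digest taken over only the "significant" bits is unchanged by anything written into the low-order bits, so a verifier that also holds a full digest can at least tell that those bits are not the ones the signer saw. The 4-bit mask, the function names and the two-digest record are assumptions; the signature operation is left out, and the digests stand in for what would be signed.

```python
import hashlib

MASK = 0xF0  # assumption: the top 4 bits of each 8-bit sample are "significant"

def masked_digest(pixels: bytes, mask: int = MASK) -> str:
    """Digest over the significant bits only, as the quoted proposal suggests."""
    return hashlib.sha256(bytes(b & mask for b in pixels)).hexdigest()

def full_digest(pixels: bytes) -> str:
    """Digest over every bit of the image data."""
    return hashlib.sha256(pixels).hexdigest()

def make_record(pixels: bytes) -> dict:
    """The two values a signer would sign (signature step omitted here)."""
    return {"masked": masked_digest(pixels), "full": full_digest(pixels)}

def check(pixels: bytes, record: dict) -> str:
    """Classify a received image against the signed record."""
    if masked_digest(pixels) != record["masked"]:
        return "invalid"
    if full_digest(pixels) != record["full"]:
        return "low-bits-differ"
    return "intact"

def replace_low_bits(pixels: bytes, filler: bytes, mask: int = MASK) -> bytes:
    """Model bit rot or foreign data: keep significant bits, swap the rest."""
    low = ~mask & 0xFF
    return bytes((b & mask) | (filler[i % len(filler)] & low)
                 for i, b in enumerate(pixels))

# Constructed sample data standing in for raw 8-bit image samples.
SAMPLE = bytes((i * 37 + 11) % 256 for i in range(64))

if __name__ == "__main__":
    record = make_record(SAMPLE)
    altered = replace_low_bits(SAMPLE, b"constructed filler")
    print(check(SAMPLE, record), check(altered, record))
```

The "low-bits-differ" result cannot distinguish bit rot from embedded data; it only reports that the low-order bits are outside what the signer vouched for.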