[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signing ascii text



...
> 
> The important part here is that the collapsing of whitespace would
> only affect the message digest, not the text as seen by the user.  Two
> texts which read the same, but differ in whitespace, would have the
> same signature.  If you recieved both files, you could see the
> difference in spacing, yet the same signature would be valid for both
> files.  The main vulnerability is that a message whose meaning is
> partially encoded it its whitespace (like an ascii graphic, map, or
> chart) could have its meaning altered, without affecting the validity
> of the signature.  Clearly one would not want to use this signature
> method on such texts.  It would be a good feature for the signature
> algorithm to warn the user if it detects a pattern of whitespace that
> might convey information.  I am not sure how to detect this reliably,
> though.

How about two signatures, verbatim and space-collapsed.

That way if the latter was valid but the former was not, you would
know that spacing was altered but other info remained valid.

sdw