[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FORGED CANCELS of posts on n.a.n-a.m



On Wed, 04 Oct 95 10:47:30 EDT, Dr. Dimitri Vulis ([email protected]) wrote:
:[alt.religion.scientology restored, since that's where most of the discussion
:of forged cancels has been taking place so far ]

[snip snip snip]

:When an article is posted, two quantities are computed by the posting program:
:M1 = H(article body + newsgroups + message-id + date + passphrase) and
:M2 = H(M1). The posted article contains the header "Cancel-lock: M2".
:When an attempt is made to cancel/supersede an article X with a "Cancel-lock:"
:header, the user is asked to supply the passphrase. The posting software
:computes M1 = H(X's body + newsgroups + X's message-id + date + passphrase)
:once again and adds the "Cancel-key: M1" header to the article containing
:"Control: cancel <X>" or "Supersedes: <X>" that's being posted.
:(Note that without knowing the passphrase it's intractable to match the M1.)
:Whenever news server software (such as inn) detects either "Control: cancel
:<X>" or "Supersedes: <X>", INN should retrieve the original article <X> and
:looks for the "Cancel-lock: M2" header. If one is found, then the old article
:may be cancelled only if the new article contains the header "Cancel-key: M1"
:such that H(M1) = M2.



One thing that occurs to me: suppose I go to control, collect cancel messages,
and build myself a collection of M1's that will work with a given M2?

That is, I can't actually invert the hashing function. But if a given
hash function is standard, then I can eventually build up a collection of
M1s for M2s that will let me cancel quite a few things I may want to.
How many cancel messages come through in a day?



--
Reverend Doctor David Gerard, KoX, SP 4.03 (awaiting verification of SP 5)
Prestige Elite(tm) Research Church of the SubGenius
"Servicing the Prestige Elite(tm) since 1985!"
OK, clams. You want war? You've got war.
--
Please email ALL followups (crappy and thoroughly dysfunctional newsfeed).
Personal visits from Scientologists will be greeted with extreme hostility
  and the vigilant attention of VUT Security, but personal physical violence
  *only* when appropriate, legal and called-for.
[email protected] (preferred); [email protected]
July 5, 1998, 7 AM. Saucers. End of the world. Your US$30 is your trip ticket.