Bogus digital signatures, Re: OT: utility account transfer frauds

John R T Brazier prunesquallor at proproco.co.uk
Sat, 12 Oct 2002 07:54:46 +0100 

Charles stated:

> Now the bad guy comes along, and he has to find some other meaningful
> text that hashes to the same as the original. Worse than that, he
> has to find some text whose meaning is such as to be useful in
> embarassing/blackmailing/whatever the victim. That is a hard problem,
> and the birthday paradox gives you no help at all.

The convention is that you produce your two texts (one for the punter to
sign, the other incriminating), and then play with the white space. You swap
spaces for tabs, and so forth. You can also append extra spaces, add and
then cancel out format markers, etc. A decent program should be able to
generate very large numbers of, say, Word documents that are apparently
identical but have different internal bit patterns (especially if you've got
'Track Changes' on, so that deleted material is still actually retained in
the file). You can rapidly approach the position where you have some text
with the random bit streams invisibly mixed in. At this point the birthday
'paradox' returns to give you aid.

> Or, in this case, the victim has only to convince the court that he did
> not keep his key particularly secure, and that the Bad Guy must have
> sneaked in and snitched it.

> Which seems to me like a good argument why the law should assume that
> anyone who does not keep his key secure should be made to abide by the
> content of anything signed with it.

Yes, for house keys. But your signing key will be protected by software
systems that you have to trust, unless we will require everyone to write
their own. How confident are you that Microsoft's .Net Passord/wallet is
completely secure? Given Microsoft's past history of fine-quality secure
software? (As an aside, I note that MS are discontinuing their Express
purchase service with Passport/wallet, see
http://www.passport.net/Consumer/WalletLetter.asp?lc=2057 - does anyone know
why, or is it because it works so well they are having to withdraw it?)

To me, it's all a better argument not to ever use digital signatures. Until
I can have some level of confidence in the software and organisational
structures that will support them. But then, I never use ATMs.

TTFN

John B