Bogus digital signatures, Re: OT: utility account transfer frauds
Dave Howe
DaveHowe at gmx.co.uk
Sat, 12 Oct 2002 16:58:03 +0100
Charles Lindsey wrote:
> You still have to generate, on average, 2^64 versions of the document.
> And at the end, an expert witness who draws attention to the _very_
> peculiar contents of the 'Track Changes' part of the Word document
> could undo all your good work.
32 hex digits? I am sure I can find someplace in the Word header structure
to hide that without a problem.
> I also noticed today, when checking something else in the PGP format,
> that the signature does NOT contain the MD5 hash in the clear (just
> the first two bytes of it). The first two bytes are worth 2^16, but
> that still means that you have to perform 2^48 full RSA decodings
> before you find your match.
Erm - why?
You calculate the hash yourself (using freely available libraries) -
actually using PGP to do it would be a major pain.
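
Added example, not part of the original post: a sketch of the version 3 signature packet layout (RFC 4880, section 5.2.2) showing that the digest a signature covers can be recomputed locally with a standard hash library, and that the two digest bytes stored in the packet are only a quick check. The function names, key ID, timestamp and MPI bytes are constructed for illustration.

```python
import hashlib
import struct

HASH_ALGOS = {1: hashlib.md5, 2: hashlib.sha1}  # OpenPGP hash algorithm IDs


def parse_v3_signature(body: bytes) -> dict:
    """Parse a version 3 signature packet body (layout: RFC 4880, section 5.2.2)."""
    if len(body) < 19:
        raise ValueError("truncated v3 signature body")
    version, hashed_len, sig_type, created = struct.unpack(">BBBI", body[:7])
    if version != 3 or hashed_len != 5:
        raise ValueError("not a v3 signature body")
    return {
        "sig_type": sig_type,
        "created": created,
        "key_id": body[7:15],
        "pk_algo": body[15],
        "hash_algo": body[16],
        "left16": body[17:19],  # the only digest bytes stored in the clear
        "mpis": body[19:],      # public-key signature value over the full digest
    }


def signed_digest(document: bytes, sig: dict) -> bytes:
    """Recompute the digest a v3 signature covers: document, then type and time."""
    if sig["hash_algo"] not in HASH_ALGOS:
        raise ValueError("unsupported hash algorithm id")
    h = HASH_ALGOS[sig["hash_algo"]](document)
    h.update(struct.pack(">BI", sig["sig_type"], sig["created"]))
    return h.digest()


def quick_check(document: bytes, body: bytes) -> bool:
    """Compare the recomputed digest prefix with the packet's left-16-bits field."""
    sig = parse_v3_signature(body)
    return signed_digest(document, sig)[:2] == sig["left16"]


def make_sample_body(document: bytes) -> bytes:
    """Constructed sample: binary-document signature, dummy key ID and dummy MPI."""
    fixed = struct.pack(">BBBI", 3, 5, 0x00, 1034438283) + b"\x11" * 8 + bytes([1, 1])
    digest = signed_digest(document, parse_v3_signature(fixed + b"\x00\x00"))
    return fixed + digest[:2] + b"\x00\x01\x01"


if __name__ == "__main__":
    doc = b"constructed sample document\n"
    print("quick check passes:", quick_check(doc, make_sample_body(doc)))
```

A matching two-byte prefix only screens out mismatched input early; accepting a signature still requires verifying the MPI value against the signer's public key.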