Bogus digital signatures, Re: OT: utility account transfer frauds

[Brian Campbell]

On Sat, Oct 12, 2002 at 03:20:06PM +0100, Charles Lindsey wrote:
> 	On Sat, 12 Oct 2002 07:54:46 +0100
> 	"John R T Brazier" <prunesquallor@proproco.co.uk> said...
> > 
> > The convention is that you produce your two texts (one for the punter to
> > sign, the other incriminating), and then play with the white space. You swap
> > spaces for tabs, and so forth. You can also append extra spaces, add and
> > then cancel out format markers, etc. A decent program should be able to
> > generate very large numbers of, say, Word documents that are apparently
> > identical but have different internal bit patterns (especially if you've got
> > 'Track Changes' on, so that deleted material is still actually retained in
> > the file). You can rapidly approach the position where you have some text
> > with the random bit streams invisibly mixed in. At this point the birthday
> > 'paradox' returns to give you aid.
> 
> You still have to generate, on average, 2^64 versions of the document.
> And at the end, an expert witness who draws attention to the _very_
> peculiar contents of the 'Track Changes' part of the Word document could
> undo all your good work.

Moreover, if the victim keeps the document that they signed, a
sufficiently expert witness will show that both documents have the same
hash and so it cannot be determined which document was signed.  You can
also avoid becoming a victim by insisting that both parties sign, so
that you can demonstrate the other person's intent.

-- 
Brian Campbell