Bogus digital signatures, Re: OT: utility account transfer frauds

David Howe DaveHowe at gmx.co.uk
Tue, 15 Oct 2002 09:46:53 +0100


at Monday, October 14, 2002 9:12 PM, Brian Campbell
> Moreover, if the victim keeps the document that they signed, a
> sufficiently expert witness will show that both documents have the
> same hash and so it cannot be determined which document was signed.
Indeed so - that is the point.
By making it impossible to prove which document (or possibly a third
document not matching either) was signed, the court has to either accept
that all possible documents matching that hash are legally binding - or
none are. Once the original document is invalidated, the victim is left
without an enforceable contract.

> You can also avoid becoming a victim by insisting that both parties
> sign, so that you can demonstrate the other person's intent.
Done in the usual manner (i.e., two detached signatures) this will prove
nothing. I suspect an ascii-armoured version+sig would hash differently
to ascii-armoured-alternate+same sig; however, the last person to sign
could *still* create two copies (original and alternate) with different
signatures, but it would be then obvious which party did the forging.
A *clever* approach would be for the attacking party to sign first; he
could then seek two alternates that, after ascii armour and signing,
hash to the same value, but that would be a much harder task (involving
a lot more encoding and/or signing) than a simple hash search.  I am not
sure that is required though - if both parties produce a contract in
court, saying different things, but both signed by both parties, I
suspect it would take more education of judge and jury than is
reasonable to explain which party forged the document (although it would
be pretty obvious to an expert which of the two hashes were the same).
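
The point made in the message above, as an added example that is not part of the original post: a detached signature covers only the digest, so once two documents share a digest, one signature verifies both, and a second party's detached signature does not change that. Assumptions: the 24-bit truncated SHA-256 (`toy_hash`), the HMAC standing in for a public-key signature, and the sample contract texts and keys are all constructed for illustration.

```python
import hashlib, hmac

BITS = 24  # toy digest width (assumption): small enough that collisions are cheap

def toy_hash(doc: bytes) -> bytes:
    """SHA-256 truncated to BITS bits, standing in for a hash with feasible collisions."""
    return hashlib.sha256(doc).digest()[:BITS // 8]

def sign(key: bytes, doc: bytes) -> bytes:
    """Detached-signature stand-in: a keyed tag over the digest only, never the text."""
    return hmac.new(key, toy_hash(doc), hashlib.sha256).digest()

def verify(key: bytes, doc: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, doc), sig)

def variant(text: str, i: int) -> bytes:
    """Same visible wording; i is encoded as 20 trailing spaces/tabs."""
    return (text + "".join(" \t"[(i >> b) & 1] for b in range(20))).encode()

def colliding_pair(text_a: str, text_b: str, table_size: int = 1 << 13):
    """Birthday search: variants of two different texts with equal toy_hash."""
    seen = {toy_hash(variant(text_a, i)): i for i in range(table_size)}
    for j in range(1 << 20):
        i = seen.get(toy_hash(variant(text_b, j)))
        if i is not None:
            return variant(text_a, i), variant(text_b, j)
    return None  # not expected at this digest width

def demo() -> dict:
    # Constructed sample contracts and keys (not from the original post)
    original, alternate = colliding_pair("Pay 100 to the utility.",
                                         "Pay 9000 to the utility.")
    victim_key, other_key = b"victim-demo-key", b"other-party-demo-key"
    sig_victim = sign(victim_key, original)  # first party signs the original
    sig_other = sign(other_key, original)    # second party signs it as well
    return {
        "same_digest": toy_hash(original) == toy_hash(alternate),
        "victim_sig_on_alternate": verify(victim_key, alternate, sig_victim),
        "other_sig_on_alternate": verify(other_key, alternate, sig_other),
        # With the untruncated digest the two documents are distinguishable
        "full_sha256_differs": hashlib.sha256(original).digest()
                               != hashlib.sha256(alternate).digest(),
    }

if __name__ == "__main__":
    print(demo())
```

Both detached signatures verify on either document, so the signatures alone cannot show which text was agreed to; only the width of the digest separates the toy case from a full-length hash.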