1995-12-29 - Re: A weakness in PGP signatures, and a suggested solution (long)

Header Data

From: cadams@fly.HiWAAY.net (Chris Adams)
To: N/A
Message Hash: 860368640c2ab38a2342bf50420f94210922dca8cb488093865f0f41ff5b1d40
Message ID: <4bvub2$4b3@fly.HiWAAY.net>
Reply To: <oTTsgD7w165w@bwalk.dm.com>
UTC Datetime: 1995-12-29 10:00:40 UTC
Raw Date: Fri, 29 Dec 1995 18:00:40 +0800

Raw message

From: cadams@fly.HiWAAY.net (Chris Adams)
Date: Fri, 29 Dec 1995 18:00:40 +0800
Subject: Re: A weakness in PGP signatures, and a suggested solution (long)
In-Reply-To: <oTTsgD7w165w@bwalk.dm.com>
Message-ID: <4bvub2$4b3@fly.HiWAAY.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Newsgroups: alt.security.pgp,sci.crypt,mail.cypherpunks

In article <oTTsgD7w165w@bwalk.dm.com>,
Dr. Dimitri Vulis <dlv@bwalk.dm.com> wrote:
>I'll illustrate the problem with several scenarios of forgeries.

The easy way around this if you think this might happen is just to put a
line at the top of your signed message stating where the message is
supposed to go.  Then if people see it elsewhere, they can figure out
that something is amiss.

See above for an example.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMON8jiJFQNhhNdm5AQHCFgf9GbaCMWRckNQA4y9Av8e0nigYP0GpGxEh
0A2w9dvSJBmuzaMJ8QxERieGVE61U3+VXOLgssdWXZsnqOPBNKk+2hYyx+vatFL9
XKETZV245acLo4VMNNxV4m/hGteuHUb4oQEKCWHwylyh/f9wfvx+ZTjvTyd8RiqQ
nwcpRPhRA4FozOaVNbjZw/A4nmvxq5I3gg3yMet3vfMWKdhLIy4gsvuhRm/asTGo
BUSw8PIJQbFbrXpoyWsP/sWGDa5tjN7Z05HnX9yU3OIa0uk6K6e2xKVJUo3G2Jso
Kts/pw2hqDBJ0K8XFsnicmncnUDz+FGNKqyCGsSFY8TlaVowpNFZJw==
=VpDg
-----END PGP SIGNATURE-----
-- 
Chris Adams (cadams@HiWAAY.net)               Finger for PGP public key 
"So, if anybody wants to have hardware sent to them: don't call me, but
instead write your own unix operating system.  It has worked every time
for me." - Linus Torvalds, author of Linux (Unix-like) OS





Thread