From: Anonymous <nobody@replay.com>
To: cypherpunks@cyberpass.net
Message Hash: db337f3705e34cef1d1123550966d0b221c04b4970c535df76d7b5b7f63715ea
Message ID: <199810112027.WAA06963@replay.com>
Reply To: N/A
UTC Datetime: 1998-10-11 20:47:37 UTC
Raw Date: Mon, 12 Oct 1998 04:47:37 +0800
From: Anonymous <nobody@replay.com>
Date: Mon, 12 Oct 1998 04:47:37 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Hidden WebTV signatures
Message-ID: <199810112027.WAA06963@replay.com>
MIME-Version: 1.0
Content-Type: text/plain
Peter Gutmann writes:
> For those of you who don't read sci.crypt, Robert Ames <gnome@istar.ca> has
> posted an article in which he observes that all WebTV posts contain an
> X-WebTV-Signature: line containing base64-encoded data. For samples of
> WebTV-generated posts, try the alt.weemba newsgroup, which is filled with
> WebTV-user drool (caution: remember to employ protection when exposting your
> mind to the content of the messages). Some samples:
>
> X-WebTV-Signature: 1
> ETAsAhQDqtur/jfleJ2CDOnNrVoeyALEQAIUOQyCBbzjx5HHfxeMERDgCjztXOU=
> X-WebTV-Signature: 1
> ETAtAhUAmCCzQt+Tqt6fNX+L9+gDCECaqQkCFA0YCPz5tk85mUgq7iX/u4vWvOgG
Could someone grep their news spool for a few hundred of these signatures
and post them here? We can do statistical analysis on them and determine
whether they all appear to be modulo the same q value.
> These decode into ASN.1-encoded DSA signatures, eg:
>
> 1 30 45: SEQUENCE {
> 3 02 21: INTEGER
> : 00 98 20 B3 42 DF 93 AA DE 9F 35 7F 8B F7 E8 03
> : 08 40 9A A9 09
> 26 02 20: INTEGER
> : 0D 18 08 FC F9 B6 4F 39 99 48 2A EE 25 FF BB 8B
> : D6 BC E8 06
> : }
>
> for the second one. The key isn't included in the header, presumably the
> @webtv.net address can be tied to the hardware which contains some hardcoded
> DSA key. I wonder if WebTV users know they're signing each message they send?
If they are DSA signatures, they should all be mod q, where q is some 160
bit prime. Whether everyone uses the same key or different keys, they
probably all share p and q. In that case the histogram of the values should
be flat up to a cutoff point. We need to collect some hundreds of these
values in order to distinguish them from random 160 bit values.
The largest q value found in a dozen or so alt.weemba messages from
dejanews started with 0xc0, so q must be at least this large if they
are DSA sigs. This amount of data was not sufficient to distinguish
from alternate theories, such as that each person has a random 160 bit q.
Return to October 1998
Return to “phelix@vallnet.com”