-----BEGIN PGP SIGNED MESSAGE----- Hello Tom Johnston <tomj@microsoft.com> and Bill Stewart <stewarts@ix.netcom.com> and cypherpunks@toad.com Bill Stewart wrote: ...
3) Consider the case of a contractor who buys the development kit, ... into the US.) He probably can't legally re-export the code, or export the signed version of it, but he can export the signature itself, since that's not cryptographic code, and the foreign company can reattach it to their original document, which you have now signed.... ...
This is not that difficult for MS to work around - for example, they could modify the code harmlessly before signing it. Unless you know *how* they modified it, you can't reproduce it. Example: some assembly instructions have more than one machine code representation. MS could put some kind of cryptographically strong pattern into these (ie one that can't be reverse-engineered). ObCrypto: Stego in .EXE files? Jiri - -- If you want an answer, please mail to <jirib@cs.monash.edu.au>. On sweeney, I may delete without reading! PGP 463A14D5 (but it's at home so it'll take a day or two) PGP EF0607F9 (but it's at uni so don't rely on it too much) -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMQDT7ixV6mvvBgf5AQEEAwP/fJqfsCP1sA4ojwivHBeVxLpSfpKXEjpp MgcHSVnFWkw1ezPUAmC9tugT0NEtIIDDs4ntDHUUa6Ki/bH1QFxqD5Gw8OCeGDJU UQc/Y1o0K6XSAsiYWfEOE6fCnG3pbxGAc8s3Sz+TZbAhr0pqXIf3t1t6CNP3+dBn Gnuq+OyIv5E= =tfG3 -----END PGP SIGNATURE-----