RE: Schneier: Why Digital Signatures are not Signatures (was Re:CRYPTO-GRAM, November 15, 2000)
6 Jul
2018
6 Jul
'18
2:44 a.m.
The Word example actually has other worrying problems not mentioned. A Word document contains a lot of hidden information, including other versions. It would be quite easy to sign a Word document that, when you viewed it, looks significantly different then it could be displayed without violating the signature. This is due to numerous problems, the most basic of which is that we often don't sign what we view but instead some binary that we _believe_ represents what we viewed but often does not. This is not just theoretical nor esoteric, but quite easy as the Word example shows. In effect we have absolutely no idea what we are signing most of the time even without comprimise of keys, programs and all that good stuff.
2395
Age (days ago)
2395
Last active (days ago)
0 comments
1 participants
participants (1)
-
None