Signing ascii text
Stephen D. Williams
sdw at sdwsys.lig.net
Thu Dec 24 06:09:09 PST 1992
...
>
> The important part here is that the collapsing of whitespace would
> only affect the message digest, not the text as seen by the user. Two
> texts which read the same, but differ in whitespace, would have the
> same signature. If you recieved both files, you could see the
> difference in spacing, yet the same signature would be valid for both
> files. The main vulnerability is that a message whose meaning is
> partially encoded it its whitespace (like an ascii graphic, map, or
> chart) could have its meaning altered, without affecting the validity
> of the signature. Clearly one would not want to use this signature
> method on such texts. It would be a good feature for the signature
> algorithm to warn the user if it detects a pattern of whitespace that
> might convey information. I am not sure how to detect this reliably,
> though.
How about two signatures, verbatim and space-collapsed.
That way if the latter was valid but the former was not, you would
know that spacing was altered but other info remained valid.
sdw
More information about the cypherpunks-legacy
mailing list