A weakness in PGP signatures, and a suggested solution (long)
Chris Adams
cadams at fly.HiWAAY.net
Fri Dec 29 02:00:40 PST 1995
-----BEGIN PGP SIGNED MESSAGE-----
Newsgroups: alt.security.pgp,sci.crypt,mail.cypherpunks
In article <oTTsgD7w165w at bwalk.dm.com>,
Dr. Dimitri Vulis <dlv at bwalk.dm.com> wrote:
>I'll illustrate the problem with several scenarios of forgeries.
The easy way around this if you think this might happen is just to put a
line at the top of your signed message stating where the message is
supposed to go. Then if people see it elsewhere, they can figure out
that something is amiss.
See above for an example.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQEVAwUBMON8jiJFQNhhNdm5AQHCFgf9GbaCMWRckNQA4y9Av8e0nigYP0GpGxEh
0A2w9dvSJBmuzaMJ8QxERieGVE61U3+VXOLgssdWXZsnqOPBNKk+2hYyx+vatFL9
XKETZV245acLo4VMNNxV4m/hGteuHUb4oQEKCWHwylyh/f9wfvx+ZTjvTyd8RiqQ
nwcpRPhRA4FozOaVNbjZw/A4nmvxq5I3gg3yMet3vfMWKdhLIy4gsvuhRm/asTGo
BUSw8PIJQbFbrXpoyWsP/sWGDa5tjN7Z05HnX9yU3OIa0uk6K6e2xKVJUo3G2Jso
Kts/pw2hqDBJ0K8XFsnicmncnUDz+FGNKqyCGsSFY8TlaVowpNFZJw==
=VpDg
-----END PGP SIGNATURE-----
--
Chris Adams (cadams at HiWAAY.net) Finger for PGP public key
"So, if anybody wants to have hardware sent to them: don't call me, but
instead write your own unix operating system. It has worked every time
for me." - Linus Torvalds, author of Linux (Unix-like) OS
More information about the cypherpunks-legacy
mailing list