Schneier: Why Digital Signatures are not Signatures (was Re:CRYPTO-GRAM, November 15, 2000)
Tue Dec 10 11:45:29 PST 2019
The Word example actually has other worrying problems not mentioned. A Word
document contains a lot of hidden information, including other versions. It
would be quite easy to sign a Word document that, when you viewed it, looks
significantly different then it could be displayed without violating the
signature. This is due to numerous problems, the most basic of which is that
we often don't sign what we view but instead some binary that we _believe_
represents what we viewed but often does not. This is not just theoretical
nor esoteric, but quite easy as the Word example shows.
In effect we have absolutely no idea what we are signing most of the time
even without comprimise of keys, programs and all that good stuff.
> -----Original Message-----
> From: owner-cryptography at c2.net [mailto:owner-cryptography at c2.net]On
> Behalf Of R. A. Hettinga
> Sent: Wednesday, November 15, 2000 10:51 PM
> To: dcsb at ai.mit.edu; Digital Bearer Settlement List;
> cryptography at c2.net; cypherpunks at cyberpass.net
> Subject: Schneier: Why Digital Signatures are not Signatures (was
> Re:CRYPTO-GRAM, November 15, 2000)
>
>
> At 5:58 PM -0600 on 11/15/00, Bruce Schneier wrote:
>
>
> > Why Digital Signatures Are Not Signatures
> >
> >
> >
More information about the cypherpunks-legacy
mailing list