"Weger, B.M.M. de" <[EMAIL PROTECTED]> writes:
>
> Technically speaking you're correct, they're signing a program.
> But most people, certainly non-techies like Alice's boss,
> view postscript (or MS Word, or <name your favourite document 
> format that allows macros>) files not as programs but as static 
> data. In being targeted at non-techies I find this attack more 
> convincing than those of Mikle and Kaminsky, though essentially
> it's a very similar idea.
>
> Note that opening the postscript files in an ASCII-editor
> (or HEX-editor) immediately reveals the attack. Stefan Lucks
> told me they might be able to obfuscate the postscript code, 
> but again this will only fool the superficial auditor.

Yes, this is all true, but it's kind of orthogonal to my point,
which is that if you're willing to execute a program, this 
attack can be mounted *without* the ability to produce hash
collisions. The fact that so few people regard PS, HTML, Word,
etc. as software just makes this point that much sharper.
As far as I can tell, the ability fo produce hash collisions just
makes the attack marginally worse.

-Ekr



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to