On 12/6/24 03:56, Rainer Perske wrote:
Hello
Jacob Bachmeyer schrieb am 2024-12-06:
Better solution: never sign a document exactly as presented to you; always
make a small change first. This could be as simple as including a nonce in the
signature.
Correct – if the change or nonce is big and random enough (at least about 80
bit of randomness to compensate for the lost 80 bits of security due to the
birthday attack, even if that is not a real compensation for multiple reasons),
i.e. make many small or few big changes to the content. But the normal user
does not know.
As I understand, one bit is enough to destroy a tediously prepared
collision; and Wiktor noted that PGP includes a timestamp (to one
second) in the signed data and the protocol allows implementations to
add more data to the signature.
-- Jacob
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel
