On Mon, Aug 04, 2003 at 01:01:48PM -0700, Alan Connor wrote: > Kirk Strauser: > > In the same way, I could be Becky Smith using an alias. Regardless > > of my real identity, you know that any post with my signature was > > written by *me*. > > That has no meaning to me. What if I were to just copy all of that garbage > on your posts? Wouldn't people then think I was you?
Please do even the tiniest bit of research; the "garbage" is a mathematical function of the content of the message, not a single static object. This is a startlingly elementary mistake to make. > > If you trust this representation, do you really care if there's an > > exact correlation to a real-world identity? > > Don't trust it for one second. Don't believe that corporations and the > government can't decode PGP. I rather doubt it, actually. At the very least, it would take a very significant amount of computing horsepower per key that you wanted to attack. I believe I'd have heard about it if there were significant vulnerabilities in GPG's cipher algorithms (certainly if they were known by corporations!), and brute-force attacks on 1024-bit keys will be far from easy. In the real world, it would be far easier for a government to use physical means to appropriate your key. (I work for a cryptography company whom I won't name because I don't want to imply that I'm speaking for them, but it wouldn't take too much effort to find out if you cared.) > *I* wouldn't even consider using PGP signatures. As you've demonstrated, you don't even understand them, so whatever. Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
