On 12/5/24 11:13, Rainer Perske wrote:
Bruce Walzer schrieb am 2024-12-05:
What is the actual issue here?
Extremely simplified:
Attacker makes many good documents and many bad documents until he finds a
collision.
See https://shattered.io
Attacker takes the good document and the bad document with the same hash.
Attacker asks victim to sign the good document.
Victim does so.
Attacker combines the signature with the bad document.
So the attacker can "prove" that the victim has signed the bad document.
Better solution: never sign a document exactly as presented to you;
always make a small change first. This could be as simple as including
a nonce in the signature. This is from Schneier's /Applied
Cryptography/ from many years ago: this problem (and its solution) is old.
-- Jacob
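To make the steps above and the nonce fix concrete, here is an added example (not from this thread, and not GnuPG code) that models the broken hash as SHA-256 truncated to 24 bits so a birthday collision can be found in seconds; the function names, the keyed MAC standing in for a signature, the key and the sample documents are all constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed toy: the "broken" hash is SHA-256 truncated to 24 bits, so a
# birthday collision costs a few thousand evaluations instead of the
# roughly 2^63 work of the real SHAttered attack on SHA-1.
def weak_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:3]

def find_collision_pair(good_prefix: bytes, bad_prefix: bytes):
    """Return (good_doc, bad_doc) with equal weak_hash (the attacker's
    first step). Each document is a visible prefix plus a harmless
    trailing reference number the attacker is free to vary."""
    seen = {}  # digest -> (label, document)
    counter = 0
    while True:
        for label, prefix in (("good", good_prefix), ("bad", bad_prefix)):
            doc = prefix + b" [ref %d]" % counter
            digest = weak_hash(doc)
            hit = seen.get(digest)
            if hit is not None and hit[0] != label:
                return (doc, hit[1]) if label == "good" else (hit[1], doc)
            seen.setdefault(digest, (label, doc))
        counter += 1

# A keyed MAC over the digest stands in for a signature over the digest;
# it fails in exactly the way a real signature does when hashes collide.
def sign_naive(key: bytes, doc: bytes) -> bytes:
    return hmac.new(key, weak_hash(doc), "sha256").digest()

def verify_naive(key: bytes, doc: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_naive(key, doc), sig)

# Mitigation from the post: the signer never signs the document exactly as
# presented, but commits to a fresh nonce of its own choosing alongside it.
# The attacker had to fix the collision pair before seeing the nonce, so the
# pair no longer collides once the nonce is prepended.
def sign_with_nonce(key: bytes, doc: bytes, nonce: bytes = None):
    nonce = os.urandom(16) if nonce is None else nonce
    sig = hmac.new(key, weak_hash(nonce + doc), "sha256").digest()
    return nonce, sig

def verify_with_nonce(key: bytes, doc: bytes, nonce: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_with_nonce(key, doc, nonce)[1], sig)
```

The nonce must be stored or transmitted with the signature, since the verifier needs it; a real implementation would put it inside the signed metadata rather than beside it.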
_______________________________________________
Gnupg-devel mailing list
gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel