Jonathan Lange wrote:
> From https://edge.launchpad.net/codeofconduct/1.1/+sign:
>
> "If you want to, add extra spaces or blank lines between words in the
> file. (This helps protect against other people trying to forge your
> signature.)"
>
> What?

IIRC, it's a protection against a <http://en.wikipedia.org/wiki/Birthday_attack>.

The concern is that the text you are being asked to sign may have been specifically chosen because it will hash identically to a malicious document that says e.g. “By GPG-signing this document I authorise EvilCorp to empty my bank accounts and own my first-born child.”

So by making cosmetic changes to the input you make it (even more) unlikely that someone can take your signature of the CoC and make a fake signature of another document you never signed.

For maximum paranoia, make sure to use a cryptographically secure PRNG to determine the whitespace to add :)

-Andrew.
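
The reasoning in the reply above, as an added example that is not part of the original message: a drafter pre-computes two spacing variants (one benign, one forged) with the same digest, and the signer's own CSPRNG-chosen whitespace breaks the match. It assumes a deliberately weak 24-bit truncation of SHA-256 so the search finishes instantly; the benign text is constructed, and all function names are hypothetical.

```python
import hashlib
import secrets
from itertools import count

# Constructed benign text (not the real Code of Conduct wording).
BENIGN = ("I have read the Code of Conduct and I agree to follow it in all "
          "of my work within this community").split()
# Forged text taken from the example sentence in the message above.
FORGED = ("By GPG-signing this document I authorise EvilCorp to empty my "
          "bank accounts and own my first-born child.").split()

def toy_digest(text):
    """First 24 bits of SHA-256: a deliberately weak stand-in for the signed hash."""
    return hashlib.sha256(text.encode()).hexdigest()[:6]

def variant(words, n):
    """Spacing variant n: the gap after word i is 1 or 2 spaces (bit i of n)."""
    gaps = [" " * (1 + ((n >> i) & 1)) for i in range(len(words) - 1)]
    return "".join(w + g for w, g in zip(words, gaps + [""]))

def find_colliding_pair(benign_variants=2 ** 14):
    """What the drafter of the text could prepare: two meanings, one toy digest."""
    table = {}
    for n in range(benign_variants):
        v = variant(BENIGN, n)
        table[toy_digest(v)] = v
    for n in count():
        forged = variant(FORGED, n)
        if toy_digest(forged) in table:
            return table[toy_digest(forged)], forged

def respace(text):
    """Signer's countermeasure: 1 to 4 spaces per gap, chosen by a CSPRNG."""
    return "".join(w + " " * (1 + secrets.randbelow(4)) for w in text.split()).rstrip()

def normalize(text):
    """Collapse whitespace so two copies can be compared by wording alone."""
    return " ".join(text.split())

if __name__ == "__main__":
    benign, forged = find_colliding_pair()
    print("offered text :", toy_digest(benign))
    print("forged twin  :", toy_digest(forged))
    signed = respace(benign)
    print("after respace:", toy_digest(signed), "(same wording:",
          normalize(signed) == normalize(benign), ")")
```

With a full-length digest the search in `find_colliding_pair` is far more expensive; the signer's respacing costs nothing either way, which is why the page offers it as an optional precaution.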

