-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrew Bennetts wrote: > So by making cosmetic changes to the input you make it (even more) unlikely > that > someone can take your signature of the CoC and make a fake signature of > another > document you never signed.
Doesn't the fact that whitespace is ignored make it easier to forge a CoC signature via a "birthday attack"? You sign another document, and then the attacker forges a CoC signature by inserting whitespace in the CoC until the checksums match... Aaron -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkui9tMACgkQ0F+nu1YWqI2MvgCeKKrHXkc+DX79PcGSSbzH/pro n+gAnAv70tE0NTyhfkH0biItlMB7nQ4b =yO2H -----END PGP SIGNATURE----- _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
