On Thu, 23 Feb 2017 19:28:44 -0500, Jon Lewis said: > Doing it with an ASCII document, source code, or even something like a > Word document (containing only text and formatting), and having it not be > obvious upon inspection of the documents that the "imposter" document > contains some "specific hash influencing 'gibberish'" would be far more > disturbing.
Keep in mind that there's *lots* of stuff that people might want to sign that aren't flat ASCII. For instance, the video that just came out of that police officer's bodycam. If the "gibberish" is scattered across the pixels, you'll never know. And let's face it - if you need to do an inspection because you don't trust the hash to have done its job - *the hash has failed to do its job*.
pgp9FXqhe7BGY.pgp
Description: PGP signature
