GnuPG Summer Riddle 2007 [SOLUTION]

Sascha Wilde wilde at sha-bang.de
Thu Jan 24 22:03:04 CET 2008 

Bernhard Reiter <bernhard at intevation.de> wrote:

SPOILER WARNING - SPOILER WARNING - SPOILER WARNING - SPOILER WARNING

                                SOLUTION

SPOILER WARNING - SPOILER WARNING - SPOILER WARNING - SPOILER WARNING

> http://ftp.intevation.de/users/bernhard/gnupg/gnupg-summer-riddle-2007/

Disclaimer: as suggested in rule c) I did _not_ look at the app files an
therefore did not verify my theory.

Here is my idea:

The signature provided is a text mode signature, therefore CRLF and LF
are handles the same and all files only differing by these sorts of
line breaks match the same signature.  Even worse: the used type of
line break doesn't have to be consistent within one file.

Proof of concept:

The attached files (using my favorite language) both match the same
textmode signature (attached for reference, too) but yield different
output:

wilde at kenny[~/tmp/gsr]% gpg2 --verify proof1.lisp.sig proof1.lisp
gpg: Signature made Thu Jan 24 21:45:40 2008 CET using DSA key ID 69115024
gpg: Good signature from "Sascha Wilde <swilde at sha-bang.de>"
gpg:                 aka "Sascha Wilde <wilde at sha-bang.de>"
wilde at kenny[~/tmp/gsr]% gpg2 --verify proof1.lisp.sig proof2.lisp
gpg: Signature made Thu Jan 24 21:45:40 2008 CET using DSA key ID 69115024
gpg: Good signature from "Sascha Wilde <swilde at sha-bang.de>"
gpg:                 aka "Sascha Wilde <wilde at sha-bang.de>"
wilde at kenny[~/tmp/gsr]% sbcl --noinform --noprint <proof1.lisp
bar
wilde at kenny[~/tmp/gsr]% sbcl --noinform --noprint <proof2.lisp
foo

cheers
sascha

-------------- next part --------------
A non-text attachment was scrubbed...
Name: proof1.lisp
Type: application/octet-stream
Size: 126 bytes
Desc: not available
URL: </pipermail/attachments/20080124/ee36d974/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: proof2.lisp
Type: application/octet-stream
Size: 126 bytes
Desc: not available
URL: </pipermail/attachments/20080124/ee36d974/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: proof1.lisp.sig
Type: application/octet-stream
Size: 65 bytes
Desc: not available
URL: </pipermail/attachments/20080124/ee36d974/attachment-0005.obj>
-------------- next part --------------
-- 
Sascha Wilde 
- no sig today... sorry!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL: </pipermail/attachments/20080124/ee36d974/attachment-0001.pgp>

More information about the Gnupg-users mailing list