More secure than smartcard or cryptostick against remote attacks?
hka at qbs.com.pl
Wed Feb 6 19:11:31 CET 2013
On Wednesday 06 of February 2013 11:57:40 vedaal at nym.hush.com wrote:
> On Wednesday, February 06, 2013 at 5:42 AM, "Hauke Laging"
> <mailinglisten at hauke-laging.de> wrote:
> >The problem is not to forge a signature but the difficulty to
> >force that only data with checked integrity gets signed. How are you going
> >to do that with a PDF?
> There is a bigger problem with a pdf, that if, once a hash algorithm becomes
> insecure enough that pre-image collisions are possible, it is possible to
> forge a signature.
Don't extended (-T, -X, -A form) PAdES signatures add new hash values?! I'm
quite sure not only that they do, but that it's mandatory. So, new hashes can be
used when the ones used in the file are beginning to weaken (e.g. SHA1 now).
> This could still be detected by examining the details of the metadata of the
> pdf and seeing what 'extra' material was embedded, but only if a habit is
> made of checking the metadata very carefully.
I'd suggest making a habit of not trusting PDF files with currently invalid
timestamps... Or files without cryptographic timestamps with currently invalid
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24