More secure than smartcard or cryptostick against remote attacks?

Hubert Kario hka at qbs.com.pl
Wed Feb 6 19:11:31 CET 2013


On Wednesday 06 of February 2013 11:57:40 vedaal at nym.hush.com wrote:
> On Wednesday, February 06, 2013 at 5:42 AM, "Hauke Laging"
> <mailinglisten at hauke-laging.de> wrote:
> >The problem is not to forge a signature but the difficulty to
> >force that only data with checked integrity gets signed. How are you going
> >to do that with a PDF?
> 
> There is a bigger problem with a pdf, that if, once a hash algorithm becomes
> insecure enough that pre-image collisions are possible, it is possible to
> forge a signature.

Don't extended (-T, -X, -A form) PAdES signatures add new hash values?! I'm 
quite sure that not only do they, but that it's mandatory. So, new hashes can be 
used when the ones used in the file are beginning to weaken (e.g. SHA1 now).

> This could still be detected by examining the details of the metadata of the
> pdf and seeing what 'extra' material was embedded, but only if a habit is
> made of checking the metadata very carefully.

I'd suggest making a habit of not trusting PDF files with currently invalid 
timestamps... Or files without cryptographic timestamps with currently invalid 
signatures...

Regards,
-- 
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl


More information about the Gnupg-users mailing list