Digital signatures have a big problem with meaning
John Gilmore
gnu at toad.com
Fri Jun 3 12:11:16 EDT 2005
> That cuts both ways though. Since so many systems *do* screw with data (in
> insignificant ways, e.g. stripping trailing blanks), anyone who does massage
> data in such a way that any trivial change will be detected is going to be
> inundated with false positives. Just ask any OpenPGP implementor about
> handling text canonicalisation.
Even mere hash checks are turning up obscure data corruptions. Some
people reported that BitTorrent would never finish certain files,
getting to 99.9% and stalling. The problem is that their NAT box was
replacing its external IP address with its internal address --
anywhere in a packet. This is called "Game mode" in some NAT boxes.
Their router was corrupting random binary data (and altering the TCP,
UDP, and Ethernet packet checksums!). They never noticed until
BitTorrent used end-to-end application-level SHA1 hash checks and
retransmission to detect and correct it.
http://azureus.aelitis.com/wiki/index.php/NinetyNine
John
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list