Re: XP SP2

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Frank McCallister (anonymous)
Date: 08/09/04 

Date: Mon, 9 Aug 2004 00:12:13 -0500

Hi Susan

Interesting paragraph: "Ordinary digital signatures have an inherent
weakness: if the secret key is leaked, then all signatures, even the ones
generated before the leak, are no longer trustworthy Forward-secure digital
signatures were proposed in Crypto 1999 by Bellare and Miner [BM99] to
address this weakness: they ensure that past signatures remain secure even
if the current secret key is leaked."

Leaks at MS are notorious, else how does the file get out. If the file gets
out and the key gets out then modifications can be made and the signature
restored.

Frank
"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
wrote in message news:%23IHnrecfEHA.2812@tk2msftngp13.phx.gbl...
> CIS: Digital Signatures:
> http://theory.lcs.mit.edu/~cis/signatures/signatures.html
>
>
> Given that the file will be available begining tomorrow, the prudent and
> risk adverse person waits until the official download site has the
> download rather than going to "any" fileswapping site regardless of the
> abiity to confirm the digital signature of the file.
>
> Why take the risk when the file will be on a trusted source on Monday? I
> got access to the bits mainly because I volunteered to beta test it.
>
> Robert Hensing Security PSS tells stories of small businesses getting
> backdoor trojans installed on their machines because somone went to a P_rn
> site and downloaded files.
>
> Why take the risk is all I'm saying when it will be available on Monday.
> For most of out here we don't have test computers and servers and thus we
> shouldn't be taking unnecessary risks with our systems.
>
> Why travel to the "slums" and possibly get your car broken into when you
> can pick up what you need from the proper company tomorrow?
>
> http://www.mediapost.com/dtls_dsp_news.cfm?newsID=258535
>
> root wrote:
>> "clevere" <noway@sorry.net> wrote in message
>> news:%23IARcObfEHA.3888@TK2MSFTNGP09.phx.gbl...
>>
>>>I wouldn't call us Chicken Littles.. I'd call us smart. Signatures can be
>>>modified.
>>
>>
>> No they can't. Wanna cite a reference?
>>
>>
>>>"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
>>>wrote in message news:uFWQ$XafEHA.2028@tk2msftngp13.phx.gbl...
>>>
>>>>It will be there tomorrow on the download site. The chicken littles
>>>>stay way from fileswapping sites, digital sigs or not.
>>>
>>>
>>
>>
>
> --
> http://www.sbslinks.com/really.htm

Relevant Pages

  • Re: XP SP2
    ... This file got out because someone on the beta decided to disregard their ... do your own risk analysis. ... if the secret key is leaked, then all signatures, even the ones ... they ensure that past signatures remain secure even ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot save presentation without removing digital signatures
    ... > presentation contains digital signatures. ... > Then, true to its word, if I continue with the save, the digital signatures ... the code in any way and resaves it, ... Steve Rindsberg, PPT MVP ...
    (microsoft.public.powerpoint)
  • Re: Can you use ECC to produce digital signatures? It doesnt see so.
    ... > cryptography for digital signatures even though it is a form of Public ... Cryptographic Message Syntax, discusses ecdsa ...
    (sci.crypt)
  • Re: Basic question about RSA
    ... Or am I just being slow on the uptake? ... Some believe that one can simplify the explanation of how signatures ... Think of digital signatures as a primitive in their own right. ... digital signatures are built roughly as Gwyn says ...
    (sci.crypt)
  • Re: About PGP Signing a File.
    ... So any place you need to guarantee file integrity you can ... installs and system updates should be using digital signatures to ... I've also used digital signatures to monitor changes in critical system ...
    (Ubuntu)