Adam Back wrote:
>
> This general area of discussion -- software modification
> authentication -- is a bit fuzzy: if you can modify the software you
> can patch out the check of the signature (a correctly placed NOP is
> known to do it).
>
The "PowerTalk" release of Macintosh System 7 (around 1993) allowed anyone
with an RSA public key to sign any Macintosh file, and any user to validate
a signed file. This worked for both applications and data files.
Recall that Macintosh files may contain both pure data and "resources"
(essentially a set of key/value pairs). Files were signed by adding a
specific resource with a signed MD5 hash. The signature format was
standardized, but I don't recall the specifics. The hash was taken over
the data area and a specific subset of resources to allow certain
resources to be modified without invalidating the hash: the set of
unchecked resources could be controlled by the signer and the set was,
itself, signed. While it would be trivial to remove a signature resource,
this would be apparent to the end user. A missing or invalid signature
check could also be made within the program itself.
Regrettably, PowerTalk (which had to run on a 4 MB 68020 and provided
integrated e-mail, directory services, authenticated and encrypted
networking and a slew of other features and mis-features) was far too
ambitious and, ultimately, unsuccessful in the marketplace. Some of
its capabilities are reported to be included in future Apple software
releases.
Martin Minow
[EMAIL PROTECTED]
