--
Joseph Ashwood:
> > > > So it's going to be broken by design. These are
> > > > critical errors that will eliminate any semblance of
> > > > security in your program.
James A. Donald:
> > > I challenge you to fool my canonicalization algorithm by
> > > modifying a message so as to change the apparent meaning
> > > while preserving the signature, or by producing a
> > > message that verifies as signed by me, while in fact a
> > > meaningfully different message to any that was genuinely
> > > signed by me.
Joseph Ashwood:
> That's easy, remember that you didn't limit the challenge to
> text files. It should be a fairly simple matter to create a
> JPEG file with a number of 0xA0 and 0x20 bytes, by simply
> swapping the value of those bytes one can create a file that
> will pass your verification, but will obviously be corrupt.
> Your canonicalization is clearly and fatally flawed.
If so easy, do it.
> > Joseph Ashwood must produce a message that is meaningfully
> > different from any of the numerous messages that I have
> > sent to cypherpunks, but which verifies as sent by the
> > same person who sent past messages.
> >
> > Thus for Kong to be "broken" one must store a past message
> > from that prolific poster supposedly called James Donald, in
> > the Kong database, and bring up a new message hacked up by
> > Joseph Ashwood, and have Kong display in the signature
> > verification screen
Joseph Ashwood:
> To verify that I would of course have to download and install
> Kong,
In other words, you are blowing smoke, and know full well you
are blowing smoke.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
H1Nbd40fMEd0QoHFng2hEcuA2a/BP07ab+GOBowZ
4HIcNbSdMF02EWVm52VJqtj0Jas+Wmq/SZ/UyT0uq
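
What the byte-swap claim in Joseph Ashwood's quoted paragraph amounts to, as an added example that is not part of the original message and is not Kong's code. It assumes a canonicalizer that folds 0xA0 into 0x20 before hashing (Kong's real algorithm is not shown in this thread); the names canonical_digest, typed_digest and swap_bytes are hypothetical.

```python
import hashlib

# Assumed toy canonicalizer: folds 0xA0 into 0x20 before hashing. It models
# only the equivalence the quoted claim relies on, not Kong's real algorithm.
FOLD = bytes.maketrans(b"\xa0", b"\x20")
SWAP = bytes.maketrans(b"\xa0\x20", b"\x20\xa0")


def canonical_digest(data: bytes) -> str:
    """Digest of the folded form: what a text-oriented signer would sign."""
    return hashlib.sha256(data.translate(FOLD)).hexdigest()


def typed_digest(data: bytes, is_binary: bool) -> str:
    """Hypothetical hardened variant: binary payloads are hashed byte-for-byte,
    and a type tag keeps a text digest from ever matching a binary one."""
    if is_binary:
        return hashlib.sha256(b"binary\x00" + data).hexdigest()
    return hashlib.sha256(b"text\x00" + data.translate(FOLD)).hexdigest()


def swap_bytes(data: bytes) -> bytes:
    """Exchange every 0xA0 with 0x20 and vice versa."""
    return data.translate(SWAP)


# Constructed sample: arbitrary bytes between JPEG-style markers, not a real image.
SAMPLE = b"\xff\xd8" + bytes([0x20, 0x11, 0xA0, 0x42, 0x20, 0xA0]) + b"\xff\xd9"
ALTERED = swap_bytes(SAMPLE)

if __name__ == "__main__":
    print("bytes differ:           ", SAMPLE != ALTERED)
    print("canonical digests match:", canonical_digest(SAMPLE) == canonical_digest(ALTERED))
    print("typed digests match:    ", typed_digest(SAMPLE, True) == typed_digest(ALTERED, True))
```

Under the assumed folding, the two byte strings differ but share one canonical digest; hashing binary payloads byte-for-byte separates them, while text that differs only in 0xA0 versus 0x20 still verifies alike.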