On Sun, Mar 23, 2003 at 02:34:00PM +0000, Nick Boyce wrote: > > An even more disturbing thought is that in contrast to rejecting > signatures that are in fact good, Kmail may validate signatures that > are in fact bad ...
If the problems are happening because something garbles the signature data, the laws of probability imply that garbling of data is extremely unlikely to produce a correct signature when there was an incorrect one before. It would take time >> age_of_universe (>> means much greater, not a shift op) with a fast computer (by today's standards, not necessarily tomorrow's) to forge a sig (with a reasonable key length). As long as the problems are with changing what gets fed to gpg, strong crypto makes this a virtual impossibility. If there is a problem inverting the sense of the output of gpg, or anything else after gpg has run, then that is much more serious. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC