Posted Jun 16, 2005 9:54 UTC (Thu) by copsewood
Parent article: MD5 collisions
I think the moral of this story is that the person signing something should preferably have a hand in authoring it in a way that will change its hash, e.g. by modifying whitespace in an unpredictable manner, or by adding a few random characters extraneous to the message being signed. Also, given the possibility of document rendering compromise, the least bad signing device is one which is only used for cryptographic applications, is under the physical control of the person signing the document, and can display what is being signed using a simple format prior to signing.
Not that ink on paper signatures are very secure either.
to post comments)