home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Datafile PD-CD 3
/
PDCD_3.iso
/
utilities
/
utilss
/
signature
/
!Signature
/
!Help
< prev
next >
Wrap
Text File
|
1993-02-04
|
24KB
|
552 lines
Open reply on NetMail, dated Sat,16 Jan 1993.18:13:58, sent
From: Dirk-Willem van Gulik
To: All
Subject: Re: Signature 1.04
Help file for Signature.
This is a TEST version.
version 1.04
© 1993 Dirk-Willem van Gulik
- supports interactive help -
For conditions of use, see the end of this file.
This program allows you to 'sign' and 'seal' text files with your
personal signature. This seal/signature is attached to the text.
Any changes made to the text will render this signature invalid.
A public key list allows you to check signatures from other
people. If you drag a signed message into this programme it will
check the signature against the known public keys of the sender.
This implies that the message must have a certain header (as
WimpLink 0.96 supplies) which includes the sender.
You will have to create a personal signature first with the
programme 'maker' which accompanies this application. This
programme will make both a secret and a public key. You can then
distribute the public key freely. A 'public' file, which you can
distrubute as a message is create in the same (root) directory as
!Signature.
As the secret password is stored on disc there is an option in
the program to scramble it with a secret password. You should do
this as soon as possible. Just run !Signature immediately. The
programme will agressively ask for such a password, in fact it
will refuse to do anything, until you have entered one. After
this 'first-time-bad-behaviour' it should get into better moods,
and bit will bhaves decently (I hope) on your sucsessive runs.
This password is normally a sentence of about 15 words long.
Special 'token' words will code the signature. The first time
you run the programme '!Signature' after having used Maker, you
will be prompted to enter a password. In the 'Change/Enter
password' window you will find a 'token-word-list'. Only words
from this list scramble your signature. Normally you would build
a sentence around about 10 words chosen from this list. As an
example you could make passwords like these:
- He himself is a good rabbit.
- London is no longer a good living place to look after.
- Drink Driving is a stupid thing to do.
As you will see only half of these words actually count, i.e.
code your signature. You can see how many 'valid' words you
entered by pressing on 'COUNT'. At least one word should be taken
from the token list in order to make a password a valid password.
If not, the programme will refuse to accept the password. After
you have pressed the 'Change' button your signature will be coded
and stored on disc. From then on you will be prompted to enter a
password each time you run !Signature. This password is checked
against the known public keys. After that it will be used
together with the information on disk to sign any messages you
drag into the programme.
Be sure you remember your password as there is no way of
recovering it, the 'private file', the password and at least one
public key are needed to sign a message. If any of these gets
missing there is no way of recovering it. You need both public
keys to check the signature of someone else.
After you have ran 'Maker', to create your signature, and
!Signature, to enter your personal password, and you have
distributed the 'public' key-file to your friends, you are ready
to go....
The RSA Public key crypto system...
In 1978 Rivest, Shamir and Adleman published a scientific paper
which, in one brilliant stroke, made all problems with secret
keys, reliable messengers and authorized channels history. They
devized an asymetric coding scheme utilizing a set of three keys.
One of these keys is a secret master key, the two other keys are
known as the public keys. The scheme is called asymtric because
coding and decoding is ruled by different keys. Depending on the
way you use them you can either 'code' messages with the public
key which can only be decoded by the secret key or you can
de-code messages with the public key which can only be coded by
the secret key. This last option is used in this Signature
application.
Because you 'cannot' reconstruct the secret key out of the public
key this system does not rely on complicated exchanges of secret
keys and passwords. This makes it possible for someone to
distribute his public keys. The 'cannot' verb should not be taken
too seriously, it is possible to do this reconstruction at the
expense of an immense amounth of computer power. The amounth of
power required relies on the lenght of the key. Signature can
cope with long keys, up to 300 decimal digits. The last 'hack'
reported on the RSA scheme was done by Manasse and Lemstra in
1990. Using massive parallel computer power they managed to break
one individual signature of lenght 107. In the appendix you can
find a short explanation of the RSA system, the way it works and
how it can be broken.
Brute force code breaking however is not a serious risk. Using
something commenly known as 'human-engineering' one could fool
people far more easier and cheaper. The famous example is of
someone calling up and saying 'hello, this is your friendly bank
manager speaking, we are having problems with our computer, and
something is happening to your bank account. What is your
Personal Identity Code ?' Using a 100 digits or more will
certainly ensure that the 'technical side' of signing messages is
dealt with and that the 'weakest' link must be found on the
organizational/human half of the story.
The signing procedure
This procedure consists of three steps; Checksum creation, Coding
and adding the signature to the message. The first step creates a
unique number which is dependent on every single character in the
message. Changing a single character will affect the checksum in
a very unpredictable way. In this 'unpredictable' is the
key-word. Up till version 1.04 use a technique classified as
polinomal creation. Later version have a few more tricks up their
sleeve. The reason for this is that the checksum is of cource
shorter than the text. So there must be quite a number of
different messages all with the same checksum. This means that in
theory you could change a message and still have the same
checksum. This would not be detected by the system. However the
lenght of this checksum is equal to the length of the key.
Because of the fairly 'inpredictable' way in which this checksum
changes it is very hard to generate a message which is both
meaningfull AND which has a specific checksum. Currently a
length of 39 decimal digits is considered to be safe....
!Signature uses a checksum which has the same length as the
secret key, in the order of 100 digits.
This checksum is then coded using your very personal and secret
key. The resultant chypher code is translated into reable ascii.
This ascii string is added to the message.
The receiver removes this string. Next it again calculates the
checksum. Then it 'decodes' the signature using the known public
keys of the sender. This should result in the vaule of the
original checksum. This must match with the newly calculated
checksum. If they do you can savely assume that the message is
NOT altered and that the signature has been created by somone,
the sender, who knew the secret key. As you will notice only
'public' information is used and created in this process. The
checksum which is calculated is of cource public, because the
receiver may read the message. The information extracted from the
signature is again a checksum, which contains information about
the message to which you already have acces to.
Well that is the technical side.... now for the weak spots:
..... the secret key and all the values of the variables used whilst
creating it must be kept secret.
..... the checksum must be long enough and must be so unpredictable
that it is impossible to create a message given a certain checksum
..... the communication channel of the public key and messages must
be safe. If not an attacker could intercept the public key and
all messages send to you, send you his own public ke