[15812] in cryptography@c2.net mail archive
Re: dual-use digital signature vulnerability
daemon@ATHENA.MIT.EDU (Rich Salz)
Thu Jul 22 13:46:26 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 21 Jul 2004 14:48:46 -0400 (EDT)
From: Rich Salz <rsalz@datapower.com>
To: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <6.1.2.0.2.20040719090749.03cac8e0@mail.comcast.net>
> attempt to address this area; rather than simple "i agree"/"disagree"
> buttons ... they put little checkmarks at places in scrolled form .... you
> have to at least scroll thru the document and click on one or more
> checkmarks .... before doing the "i agree" button. a digital signature has
> somewhat higher integrity than simple clicking on the "i agree" button ...
See US patent 5,995,625. The abstract:
A method of unwrapping wrapped digital data that is unusable
while wrapped, includes obtaining an acceptance phrase from a
user; deriving a cryptographic key from the acceptance phrase;
and unwrapping the package of digital data using the derived
cryptographic key. The acceptance phrase is a phrase entered
by a user in response to information provided to the user. The
information and the acceptance phrase can be in any appropriate
language. The digital data includes, alone or in combination, any
of: software, a cryptographic key, an identifying certificate,
an authorizing certificate, a data element or field of an
identifying or authorizing certificate, a data file representing
an images, data representing text, numbers, audio, and video.
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
