[5562] in cryptography@c2.net mail archive
Re: plausible CAPI recovery designs (Re: FW: Cryptonym...)
daemon@ATHENA.MIT.EDU (Martin Minow)
Thu Sep 9 15:38:53 1999
Date: Thu, 09 Sep 1999 09:43:00 -0700
From: Martin Minow <minow@pobox.com>
Reply-To: minow@pobox.com
To: Adam Back <adam@cypherspace.org>, cryptography@c2.net,
cypherpunks@cyberpass.net, adam@cypherspace.org
Cc: ukcrypto@maillist.ox.ac.uk, cypherpunks@cyberpass.net
Adam Back wrote:
>
> This general area of discussion -- software modification
> authentication -- is a bit fuzzy: if you can modify the software you
> can patch out the check of the signature (a correctly placed NOP is
> known to do it).
>
The "PowerTalk" release of Macintosh System 7 (around 1993) allowed anyone
with an RSA public key to sign any Macintosh file, and any user to validate
a signed file. This worked for both applications and data files.
Recall that Macintosh files may contain both pure data and "resources"
(essentially a set of key/value pairs). Files were signed by adding a
specific resource with a signed MD5 hash. The signature format was
standardized, but I don't recall the specifics. The hash was taken over
the data area and a specific subset of resources to allow certain
resources to be modified without invalidating the hash: the set of
unchecked resources could be controlled by the signer and the set was,
itself, signed. While it would be trivial to remove a signature resource,
this would be apparent to the end user. A missing or invalid signature
check could also be made within the program itself.
Regrettably, PowerTalk (which had to run on a 4 MB 68020 and provided
integrated e-mail, directory services, authenticated and encrypted
networking and a slew of other features and mis-features) was far too
ambitious and, ultimately, unsuccessful in the marketplace. Some of
its capabilities are reported to be included in future Apple software
releases.
Martin Minow
minow@pobox.com
