Improve from digest comment #711
Conversation
Agreed we should say "cryptographically broken" rather than "unsafe". Saying there's a "trivial exploit" is a bit misleading. The issue is that you can "forge a signature" on a 32-byte value that you obtain by just running the signature algorithm and backsolving for what the hash has to be. If you have an actual hash then you can't do this obviously, and you also can't do it if you have specific target text in mind like
That's trivial, isn't it?
Yes but "hey, I own this key, as a proof, here's a signature of some random gibberish" was proven to be good enough to fool journalists. (Even technical! - the claim that CSW proved identity by signature was posted by a Czech technical website without verification and only later it was updated to say it's not a valid signature.) So maybe it should say "trivial to exploit in some scenarios".
It's trivial but it's not obviously an "attack". Is confusing journalists an attack? I guess it is, but making this have real-world consequences is far from trivial and seems to require running a multi-year con job. Maybe we could say it "has been trivially used in the past to execute attacks". We could even link to the CSW stunt in the docs.
Sounds good.
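The forgery described in the first comment above, run the ECDSA verification equation backwards to find which 32-byte "digest" a chosen (r, s) is valid for, as an added worked example. This is not code from rust-secp256k1 or from the PR; it is written in pure Python rather than Rust so it runs stand-alone without the crate, and the curve arithmetic, the private key, the fixed nonce and the message are all constructed here for illustration only.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve rust-secp256k1 wraps)
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(P, Q):
    """Affine point addition; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def mul(k, P):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R


def sign(priv, e, k):
    """Textbook ECDSA over an already-reduced digest e; nonce k is caller-supplied here."""
    r = mul(k, G)[0] % n
    s = (e + r * priv) * pow(k, -1, n) % n
    return (r, s)


def verify(pub, e, sig):
    """Standard check: (e/s)*G + (r/s)*pub must have x-coordinate r (mod n)."""
    r, s = sig
    if not (0 < r < n and 0 < s < n):
        return False
    w = pow(s, -1, n)
    R = add(mul(e * w % n, G), mul(r * w % n, pub))
    return R is not None and R[0] % n == r


def forge(pub, u=None, v=None):
    """Existential forgery using only the public key.

    Pick u, v; set R = u*G + v*pub, r = R.x, s = r/v.  Verification computes
    (e/s)*G + (r/s)*pub, which equals R exactly when e = r*u/v, so that e is
    the 32-byte "digest" this (r, s) is a valid signature for.  Nobody chose e,
    and finding text whose hash equals e is a preimage search, so this only
    matters when an API accepts an arbitrary 32-byte value as if it were a hash.
    """
    while True:
        uu = u if u is not None else secrets.randbelow(n - 1) + 1
        vv = v if v is not None else secrets.randbelow(n - 1) + 1
        R = add(mul(uu, G), mul(vv, pub))
        if R is None or R[0] % n == 0:
            if u is not None or v is not None:
                raise ValueError("degenerate u, v")
            continue
        r = R[0] % n
        vinv = pow(vv, -1, n)
        s = r * vinv % n
        e = r * uu * vinv % n
        return e, (r, s)


def message_hash(msg: bytes) -> int:
    """What a caller should pass: the hash of text the signer actually chose."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def demo(priv=0x1D0F1E2D3C4B5A69788796A5B4C3D2E1F00112233445566778899AABBCCDDEEFF):
    """Constructed key; compares a genuine signature with a keyless forgery."""
    pub = mul(priv, G)
    h = message_hash(b"constructed message chosen by the signer")
    real = sign(priv, h, 0xC0FFEE)          # fixed nonce for reproducibility only
    e, forged = forge(pub)                  # private key never used
    return {
        "real_verifies": verify(pub, h, real),
        "forged_verifies": verify(pub, e, forged),                    # True
        "forged_on_other_digest": verify(pub, (e + 1) % n, forged),   # False
        "forged_digest": e,
    }
```

The forged pair verifies, but only over the one value e that fell out of the algebra; that is why the comment says an attacker cannot do this against an actual hash or against target text of their choosing, and why a library entry point that takes a raw 32-byte "digest" should document that it is cryptographically broken if the bytes are not the output of a hash.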
6b4ea98 to baf5708
New text looks good to me.
The example claimed it'd be unsafe, which is a specific Rust term and thus confusing. It'd just be cryptographically broken. Also the example passes in a constant which looks ridiculously unrealistic. Fix these by
* changing the comment to say cryptographically broken
* making the example pass the input through an invisible fake hash function
baf5708 to 72e09c1
ACK 72e09c1
Minor improvement on top of #712