Wednesday, June 29, 2005

 

PDF/A

PDF/A, a restricted form of PDF targeted at long-term archiving, has been unanimously accepted as an ISO standard. Publication will be forthcoming.

# posted by Gary McGath @ 12:36 PM 0 comments

Tuesday, June 14, 2005

 

Weaknesses reported in digital signatures

A means of attack on the SHA-1 and MD5 signature generation algorithms has been reported by New Scientist. The trick apparently consists of creating two documents in PostScript which are nearly identical, but which have disjoint visible portions; that is, one part of the content is visible in the first document but not in the second, while another part is visible in the second but not in the first. Some recently discovered tricks with hash functions allow both of these documents to be created with the same hash value, and thus to generate the same digital signature.

If the signature authority can be tricked into signing one of these documents, which appears to harmless, the same signature can be placed on the other document, making it appear to be authenticated. As far as I can tell from the New Scientist description, this doesn't allow a signature to be transplanted to an independently generated document, but it still shows potential for serious security problems.

Plain text messages would appear to be least vulnerable to such attacks.


# posted by Gary McGath @ 12:42 PM 0 comments

Friday, June 03, 2005

 

JHOVE 1.0, finally

JHOVE 1.0 file format validation software is officially out at last!


# posted by Gary McGath @ 2:07 PM 0 comments

This page is powered by Blogger. Isn't yours?

free hit counters
free hit counters
hits since 30-Oct-2006
Copyright 2004-2008 Gary McGath. All rights reserved. Permission is granted to publish feeds of this blog on the Internet, provided the content is not altered and credit is given.