[zeromq-dev] Proposal for ZeroMQ certificate format
Pieter Hintjens
ph at imatix.com
Tue Oct 15 20:28:56 CEST 2013
On Tue, Oct 15, 2013 at 8:12 PM, Tony Arcieri <bascule at gmail.com> wrote:

>> While I'm not defending MD5 at all, can a forgery m' have the same size as
>> m?

> Yes.

That's a problem then... the verification line has the content length
+ signature; easy to check if the content has been padded. But if one
can create a fake content with the same size and the same signature,
the fingerprint is meaningless.

> I didn't realize you were just calculating a key fingerprint. I don't see
> the point of doing that for Curve25519 keys, given their short length.

The key itself may be encrypted; there may also be metadata that is
also encrypted. The goal is to allow verification out of band that the
entire package wasn't replaced by a fraudulent version en-route.
-Pieter
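
Added example, not part of the original message or of the ZeroMQ certificate proposal: a verification line of content length plus digest, computed over the entire package, showing that the length only catches padding while a same-size replacement is caught solely by the digest. SHA-256 is used here as an assumption in place of the hash under discussion; the line layout, function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample package: key material plus metadata, treated as opaque bytes.
SAMPLE_PACKAGE = (
    b"metadata\n"
    b"    name = \"constructed example\"\n"
    b"curve\n"
    b"    public-key = \"<constructed placeholder>\"\n"
)


def verification_line(package: bytes) -> str:
    """Return '<length> <sha256-hex>' computed over the whole package."""
    return f"{len(package)} {hashlib.sha256(package).hexdigest()}"


def check_package(package: bytes, trusted_line: str) -> str:
    """Check a received package against a line obtained out of band.

    Returns 'ok', 'length-mismatch', 'digest-mismatch' or 'malformed-line'.
    """
    try:
        length_text, digest_hex = trusted_line.split()
        expected_len = int(length_text)
    except ValueError:
        return "malformed-line"

    # The length field detects padding or truncation, nothing more.
    if len(package) != expected_len:
        return "length-mismatch"

    # A same-size replacement passes the length check, so the digest's
    # collision resistance is what the fingerprint actually relies on.
    actual = hashlib.sha256(package).hexdigest().encode()
    if not hmac.compare_digest(actual, digest_hex.lower().encode()):
        return "digest-mismatch"
    return "ok"


if __name__ == "__main__":
    line = verification_line(SAMPLE_PACKAGE)
    same_size_fake = SAMPLE_PACKAGE.replace(b"constructed example", b"fraudulent version.")
    print(line)
    print(check_package(SAMPLE_PACKAGE, line))
    print(check_package(SAMPLE_PACKAGE + b" ", line))
    print(check_package(same_size_fake, line))
```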