[zeromq-dev] Proposal for ZeroMQ certificate format

Pieter Hintjens ph at imatix.com
Tue Oct 15 20:28:56 CEST 2013


On Tue, Oct 15, 2013 at 8:12 PM, Tony Arcieri <bascule at gmail.com> wrote:

>> While I'm not defending MD5 at all, can a forgery m' have the same size as
>> m?
> Yes.

That's a problem then... the verification line has the content length
+ signature; easy to check if the content has been padded. But if one
can create a fake content with the same size and the same signature,
the fingerprint is meaningless.

> I didn't realize you were just calculating a key fingerprint. I don't see
> the point of doing that for Curve25519 keys, given their short length.

The key itself may be encrypted; there may also be metadata that is
also encrypted. The goal is to allow verification out of band that the
entire package wasn't replaced by a fraudulent version en-route.

-Pieter



More information about the zeromq-dev mailing list