[luau] IMPORTANT - Upcoming List Policy
Jim McQueeney
jajom at lava.net
Fri Sep 6 12:07:01 PDT 2002
On 9/6/2002 11:20 Eric Hattemer wrote:
> The basic idea behind the gpg checksum in an email is that its a code that
> uniquely distinguishes mon motha. If you go into your mail client and set
> the from line to "MonMotha" and throw his email address in there, there's no
> other way to verify that its actually from him. With a little big of
> hacking, I could get my email to even say that its originating from his IP
> address. The things I don't understand about the gpg is
>
> 1. who actually checks them
> 2. What's to keep me from copying yours and throwing it in my mails?
>
The GPG signature verifies not only that the message is from a specific
'key holder' but also that the message has not changed or been modified in
any way.
Copying someones message signature and pasting it into another message
will do nothing for verifying the message has not been changed and will
always show as a bad signature.
The way it works is that the entire message (between the begin and end
marks) is fed through a hash function and the digest is encrypted as the
signature along with some identifying information. When the signature is
checked, the message is again sent through the hash function and the
oputted digest is checked against the encrypted version. If they are
identical, the signature is good, otherwise not...
I always check signatures, by the way...
--
*Jim McQueeney <jajom at lava.net> ***
** PGP/GPG ** RSA: 0x45A3FB5D *****
**** Keys *** DH.: 0xA82248FD *****
************* DH.: 0x41B6F689 *****
More information about the LUAU
mailing list