Tech Insider					     Technology and Trends

			      USENET Archives

Path: gmdzi!unido!mcsun!uunet!samsung!!wuarchive!
From: well! (RSA Data Security)
Newsgroups: comp.virus
Subject: Digital signatures for virus protection
Message-ID: <>
Date: 4 Nov 89 00:58:48 GMT
Sender: Virus Discussion List <VIR...@IBM1.CC.Lehigh.EDU>
Lines: 46
Posted: Sat Nov  4 01:58:48 1989

The most effective method available to detect *any* change to a
program is through the use of digital signatures.  A "message digest"
(much more mathematically secure than a checksum) is encrypted with
the private key of a public key cryptosystem (the private key may be
yours or someone you trust).  The verification process is then as

- -	recompute the message  digest
- -	decrypt the encrypted message digest with the public key
	of the "signer" - the public key need not be secret
- -	compare the two

If they match, the file is unaltered.  No one can recompute and
attach a mailicious signature since only the signer holds the private
key.  One paper by Maria Pozzo & Terry Gray of UCLA in January 1987
describes in detail how an operating system can use digital
signatures based on public key cryptosystems to execute only
"trusted" programs.

Since no one can "forge" a signature, it is possible that
software developers can "sign" their programs, essentially taking
responsibility for their contents.  This would provide a strong
incentive for the publisher to ensure a program was clean before
signing it.  Note: there are simple, effective ways to validate
public keys before using them to verify signatures.

There are inexpensive commercial products available now for DOS, Mac
OS, UNIX and VMS that do exactly this.  They use a *secure* message
digest algorithm which is 60 times faster than DES on 32 bit
machines.  The digest size is 128 bits (anything less is *not*
cryptographically secure - there are a number of papers on the

Simple uses of DES has even been shown to be unsafe for checksums; it
is vulnerable to attacks based on the birthday paradox which says
that as the number of *useful* message variants approaches the square
root of the total number of possible checksums (2^64 with DES), the
probability that an attacker can match a checksum with a useful
modified message exceeds 50%.  Since (at least in DOS) you can add
any number of bits to the end of a program without affecting its
execution, programs are particularly vulnerable.

Disclaimer: RSA Data Security designs, develops and markets the
above mentioned software.

Jim Bidzos

			        About USENET

USENET (Users’ Network) was a bulletin board shared among many computer
systems around the world. USENET was a logical network, sitting on top
of several physical networks, among them UUCP, BLICN, BERKNET, X.25, and
the ARPANET. Sites on USENET included many universities, private companies
and research organizations. See USENET Archives.

		       SCO Files Lawsuit Against IBM

March 7, 2003 - The SCO Group filed legal action against IBM in the State 
Court of Utah for trade secrets misappropriation, tortious interference, 
unfair competition and breach of contract. The complaint alleges that IBM 
made concentrated efforts to improperly destroy the economic value of 
UNIX, particularly UNIX on Intel, to benefit IBM's Linux services 
business. See SCO vs IBM.

The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or

Electronic mail:			       WorldWideWeb: