On Thu, 5 Jan 2006 16:15:41 +0100, Daniel A Nagy said:
> whitespace. This transformation can be used in OpenPGP too. In order to
> prevent arbitrary wraps, the length of actual lines should be maximized in
> 64 characters, with longer lines broken in the above described fashion (with
> a whitespace in the beginning of the trailing part).

This could be used to attack a message in this way:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Comment: Created by SEOpenPGP
_
_The account to transfer the money to is
_ 123455667 at Phishers Bank Inc., Caiman Islands
_
_
_Regards,
_ Robert T. Offline
_
_--
_This message is integrity protected. Make sure that
_the popup window or status line showed that the
_signature is good.
_
_
_
[More pseudo blank lines to scroll stuff away]
The account to transfer the money to is
47110815 at Eco Bank, Frankfurt
Regards,
Robert T. Offline
-----BEGIN PGP SIGNATURE-----
[...]
By replacing the underscore with an invisible character this is close
to perfect but even with an underscore or an "> ", many users will
assume that the "Comment" line is just one line and the rest is
actually the signed message.
Shalom-Salam,
Werner
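
The effect described in this message, as an added example that is not part of the original mail or of any OpenPGP implementation: a cleartext-message splitter that shows which lines end up in the unsigned armor headers when folded continuation lines are accepted, and that rejects them in strict mode. The function name, the sample message and the rule that a folded line starts with a space or tab are assumptions based on the quoted proposal.

```python
BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG = "-----BEGIN PGP SIGNATURE-----"

# Constructed sample: a leading space marks a folded continuation line, as in
# the quoted proposal. Only the text after the truly empty line is signed.
SAMPLE = "\n".join([
    BEGIN,
    "Hash: SHA1",
    "Comment: Created by ExampleTool",
    " ",
    " Pay to account 000 (constructed, NOT signed)",
    " ",
    "",
    "Pay to account 111 (constructed, signed)",
    SIG,
    "[...]",
])

def split_cleartext(msg, allow_folding):
    """Return (headers, signed_lines); raise ValueError on a bad header block."""
    lines = msg.splitlines()
    if not lines or lines[0] != BEGIN:
        raise ValueError("not a cleartext signed message")
    headers = []
    i = 1
    # The header block runs until the first completely empty line.
    while i < len(lines) and lines[i] != "":
        line = lines[i]
        key, sep, value = line.partition(": ")
        if sep and key.isalpha():
            headers.append([key, value])
        elif allow_folding and headers and line[0] in " \t":
            # Folded line: joins the previous header, so it is never hashed.
            headers[-1][1] += "\n" + line[1:]
        else:
            raise ValueError(f"line {i + 1}: not an armor header: {line!r}")
        i += 1
    if i >= len(lines):
        raise ValueError("no empty line ends the header block")
    try:
        end = lines.index(SIG, i + 1)
    except ValueError:
        raise ValueError("no signature block found") from None
    return [tuple(h) for h in headers], lines[i + 1:end]
```

With allow_folding=True the constructed "account 000" text is returned inside the Comment header while only the "account 111" line is in the signed part; with allow_folding=False the same input is refused at the first whitespace-only line.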