5 points

Just noticed the pepper stamp lol.

permalink
report
reply
33 points

How would I verify this signature

permalink
report
reply
14 points

OCR

permalink
report
parent
reply
7 points

Type it in

permalink
report
parent
reply
3 points

What about getting the image

permalink
report
parent
reply
6 points

Which blob are you verifying?

permalink
report
parent
reply

just iQzI

permalink
report
parent
reply
1 point

That’s just nfts with extra steps /s

permalink
report
reply
5 points

*fewer

permalink
report
parent
reply
19 points
*

I hid something in this image

permalink
report
reply
4 points

Seriously? Some steganography going on in here?

permalink
report
parent
reply
4 points

Yes

Its an app on F-droid

permalink
report
parent
reply
15 points

I see that fifth puppy u aint slick

permalink
report
parent
reply
4 points
*

What if I told you…? That’s right. Six puppies.

permalink
report
parent
reply
62 points

Has anyone confirmed that signature? I think it’s not possible to have the signature as a part of the data itself. Kinda chicken egg problem

permalink
report
reply
9 points

Hold on I gotta pgp sign my PGP sign so my pgp is signed and I know who it came from.

permalink
report
parent
reply
2 points

You can but you need to define what part of the data the signature covers (a signature can’t sign itself, so it must be excluded from the data bundle). Signed PDF files has the signature appended after the document data

permalink
report
parent
reply
4 points

Exactly. And even though there are message start and end markers it’s not quite clear at which pixel the signed image starts and ends. Also the image format that is signed is not defined.

permalink
report
parent
reply
5 points

It might be possible to keep signing with a different key until it matches. But I assume the signature is of the above text.

permalink
report
parent
reply
5 points
*

I mean if you’re prepared to do it 2^128 times in a row…

permalink
report
parent
reply
1 point

Or at once if we have a big enough quantum computer.

permalink
report
parent
reply
24 points
*

*whispers* I stole that signature from cryptostorms warrant canary: https://cryptostorm.is/canary.txt

permalink
report
parent
reply
2 points

oh wow, cryptostorm is still around? cool!

permalink
report
parent
reply
8 points

You fraud.

permalink
report
parent
reply
1 point
Deleted by creator
permalink
report
parent
reply
76 points
*
9 points

Yeah that only due to md5 hash collisions though. That wouldn’t work on sha for example

permalink
report
parent
reply
23 points

I opened the comment section to ask if it was possible to have an image with its own hash.
Thanks.

permalink
report
parent
reply
13 points

It’s using a combination of multicollision attacks against MD5 and sequences of groups of alternate blocks of data representing the alphabet encoded in a way compatible with the file format.

It’s basically <[a+random]/[b+random]/[c+random]…> * (length of message). The random data is crafted by the attack tool so each block has the exact same effect on the MD5 hashing algorithm as it processes each block. You need to decide how many variable blocks you need and where and their encoding in advance. You encode the blocks so the randomness isn’t visible in the final rendered file.

When you have that prepped, you compute the final hash, then at each block position you select the block representing the letter you want (and its associated random data). So then you can select letters matching the actual file hash value.

It only works against hash functions with practical multicollision attacks. Doesn’t work on SHA256 and newer hashes.

permalink
report
parent
reply
11 points
*

md5 has been broken for years, but thats pretty damn cool scary.

permalink
report
parent
reply
5 points
*

yea would be interesting. but im also too lazy to type all that text in by hand to verify

permalink
report
parent
reply
14 points

Here:

iQIzBAEBCgAdFiEETYf5hKIig5JX/jalu9uZGunHyUIFAmaB8YEACgkQu9uZGunH yUKi7Q/+OJPzHWfGPtzk53KnMJ3C8KQGEUCzKkSKmE0ugdI 9h1Lj4SkvHpKWECK Y1GxNujMPRM/aAS2M97AEbtYolenWzgYm01wt131/hEG4tk+iYeB2Sfyvngbg5KI y4D7mapcVWYSf6S13vUX8VuyKeTxK6xdkp95E0wPVLfJwx505nHOnjLXxeW0IblY URLonem/yuBrJ6Ny3XX9+sKRKcdI9tOghMhTxPcQySXcTx1pAG7YE7G5UqTbJxis wy7LbYZB5Yy0F03CtRIkA+cclG4y2RMM9M9buHzXTWCyDuoQao68yEVh40dqwH1U 5AUnqdve5SiwygF/vc50Ila6VjJ4hyz1qVQnjqqD96p7CSVzVudLDDZMQZ8WvgLh gaEr51xJvH6p6/CP1ji4HHucbJf6BhtSqc8ID9KFfaXxjfZHiUtgsVDYMV0e7u9v 1hcDH/3kmw/JImX25qsEsBeQyzOJsBvx0YD31ZIwSY9+7KNGVQstFrEvCuVPHr72 BQJPIhg3+9g6m36+9Uhs1N6b8G9DsZ60gnNqr9dGturUg6CtRsLSpqoZq0ET9cLA tnFTJDaXgx1DZnsLGDSoQQYjZ3vS+YYZ8jG86KGLEyXVK+uSssvorm9YR1/GGOy7 suaxro72An+MxCczF5TIR9n3gisKvcwa8ZbdoaGd9cigyzWlYg8= =EgZm

permalink
report
parent
reply
4 points
----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETYf5hKIig5JX/jalu9uZGunHyUIFAmaB8YEACgkQu9uZGunH
yUKi7Q/+OJPzHWfGPtzk53KnMJ3GC8KQGEUCzKkSKmE0ugdI9h1Lj4SkvHpKWECK
Y1GxNujMPRM/aAS2M97AEbtYolenWzgYmO1wt131/hEG4tk+iYeB2Sfyvngbg5KI
y4D7mqpcVWYSf6S13vUX8VuyKeTxK6xdkp95E0wPVLfJwx5o5nH0njLXxeW0IblY
URLonem/yuBrJ6Ny3XX9+sKRKcdI9tOqhMhTxPcQySXcTx1pAG7YE7G5UqTbJxis
wy7LbYZB5Yy0FO3CtRIkA+cclG4y2RMM9M9buHzXTWCyDuoQao68yEVh4OdqwH1U
5AUnqdve5SiwygF/vc50Ila6VjJ4hyz1qVQnjqqD96p7CSVzVudLDDZMQZ8WvqLh
qaFr51xJvH6p6/CP1ji4HHucbJf6BhtSqc8ID9KFfaXxjfZHiUtgsVDYMV0e7u9v
lhcDH/3kmw/JImX25qsEsBeQyzOJsBvxOYD3lZrwSY9+7KNGVQstFrEvCuVPHr72
BQJPIhg3+9g6m36+9Uhs1N6b8G9DsZ6OgnNqr9dGturUg6CtRsLSpqoZq0FT9cLA
tnFTJDaXgx1DZnsLGDSoQQYjZ3vS+YYZ8jG86KGLFyXVK+uSssvorm9YR1/GGOy7
suaxro72An+MxCczF5TIR9n3gisKvcwa8ZbdoaGd9cigyzWlYg8=
=EgZm
----END PGP SIGNATURE-----
permalink
report
parent
reply

linuxmemes

!linuxmemes@lemmy.world

Create post

Hint: :q!


Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules
2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of “peasantry” to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
4. No recent reposts
  • Everybody uses Arch btw, can’t quit Vim, and wants to interject for a moment. You can stop now.

 

Please report posts and comments that break these rules!


Important: never execute code or follow advice that you don’t understand or can’t verify, especially here. The word of the day is credibility. This is a meme community – even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don’t fork-bomb your computer.

Community stats

  • 6.6K

    Monthly active users

  • 1.1K

    Posts

  • 24K

    Comments