Re: Unicode and Security

• Previous message: Barry Caplan: "Re: Unicode and Security"
• In reply to: Elliotte Rusty Harold: "Re: Unicode and Security"
• Next in thread: Michael Everson: "Re: Unicode and Security"
• Next in thread: David Starner: "Re: Unicode and Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

On Thu, Feb 07, 2002 at 12:22:18PM -0500, Elliotte Rusty Harold wrote:
> Interestingly, my attack works with a single character representation
> (Unicode). It is not dependent on multiple charsets.

It also works with EUC-JP (and other Japanese charsets), all 8-bit
Russian representations, all 8-bit Greek representations . . .

> The problem needs to be fixed closer to the source.

How about a solution that doesn't involve the destruction of Unicode as
a useful tool? The fact that MD5 sums matching doesn't prove that the
files match is not a bug in MD5 sums. Likewise, the fact that glyphs may
look alike in a _character_ is not a bug in the character encoding.

-- 
David Starner - starner@okstate.edu, dvdeug/jabber.com (Jabber)
Pointless website: http://dvdeug.dhis.org
What we've got is a blue-light special on truth. It's the hottest thing 
with the youth. -- Information Society, "Peace and Love, Inc."

• Previous message: Barry Caplan: "Re: Unicode and Security"
• In reply to: Elliotte Rusty Harold: "Re: Unicode and Security"
• Next in thread: Michael Everson: "Re: Unicode and Security"
• Next in thread: David Starner: "Re: Unicode and Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.2 : Thu Feb 07 2002 - 12:44:57 EST