[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [SIGNATUR] Re: Bruteforce-cracking af PID (was: Certifikat tilAnders And)



man, 2002-07-08 kl. 22:01 skrev E. Sjørlund:

> Med fare for at dumme mig gevaldigt (jeres skriv har været lidt langhåret
> for mig), så vil jeg da lige nævne, at der ikke indgår noget CPR-nummer i
> den anmodning om certifikat, som en bruger danner.

Det ville hjælpe meget hvis man kunne påvise at PID-nummeret produceres
før den pågældende CA har mulighed for at kende CPR-nummeret. 

> KMD bruger ens CPR-nummer i forbindelse med udleveringen af certifikatet som
> en kontrol af, at man er hver man næsten har sagt (ikke Joregen;)
> KMD har en datambase med en kobling af ens CPR-Nummer og ens certifikat.
> Hvis man ikke direkte har adgang til denne database, kan jeg ikke se,
> hvordan man skulle kunne udlede et CPR-nummer ud fra den digitale signatur,
> uanset al matematikken.

Det får jeg også at vide fra flere hold, men hvordan kan man kontrollere
at det faktisk er sandt? Der er intet der forbyder eller forhindrer en
CA. i at lave en kobling som ovenstående. 

> Hvor er det, at jeg er gået tabt? Hvor er det, at I finder ens CPR-nummer i
> det her system?

Forudsætningen for mine konklusioner er, at CPR-nummeret indgår i
PID-nummeret vha. en algoritme. Hvis den forudsætning ikke holder, så
holder konklusionerne heller ikke. 

-- 
med venlig hilsen, Anna Jonna Armannsdottir       
                       ...ooO0Ooo...
The central design principle is to create an artificial witness which
is capable of intercepting any and all relevant activity during,
after, and even leading up to the commission of a computer crime.
         http://cultdeadcow.com/details.php3?listing_id=425 



 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 20:33 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *