[Enigmail] Solved: PGP indicates enigmail signed messages are invalid
Robert J. Hansen
rjh at sixdemonbag.org
Mon Apr 13 17:54:20 PDT 2009
Faramir wrote:
> Sorry, I tried to refer to the forged 509 certificate which had a
> signature made using MD5. That required more than 1 month IIRC, and a
> cluster of PSP, which is something very few people can do... so for
> "normal" people, it would be "unreasonable but feasible". I should have
> been more clear about that.

For a normal attacker, this network can be had for under $1000 and a
couple of hours of time. It's called a botnet, and they're available
for rent.

This is normal, reasonable, and /very/ feasible.

A common mistake people make when determining capabilities is to say,
"well, I don't know how I'd do it, so that means nobody does." The
reality is that scoundrels and rogues are often exceptionally skilled in
their skulduggery.