Requia Posted December 4, 2009 Report Share Posted December 4, 2009 -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1 Hi guys, my name is Sleepib and I just wanted to let everyone know I like caek, and totally pointless and easily bypassed security measures. So yeah, I'm totally Sleepib. Don't believe me? Take a look at my signature, see I told you I'm Sleepib.... -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.12 (Darwin) iQIcBAEBAgAGBQJLFZJxAAoJEAQg0glIIpMBFZsQAKi+3C9M71kDqDnQbDAIjiGx sreSyQ541r0PsLFvix1Ft8PHp+JycOKFa73aqRDQS6kLzr9kjav+d2kx0dxMCGUT lPgG+2w87F415H+kpS27QzumZyOUy7hzsq8y9Kihbkq0OcAFDU6l8jEqwpWK70WQ 3e5ikN8fHxpErB8AeD3Ht+vYf6c0AuS49X/cOpTkVFQIH/Eies+/VckSTO5QcGFP +76te8M8ZXk2qvBJlVnhCPyLzKlfQ2VZKI5/5yGOLuovFJykjuh5fZforQRN6qeS himKiGWhycWLxbGMFZ6vJQIkIaKC/kZORHcUiyIEZq7YngXHqS/Byb5qddebOJ0Y lFzQwYB0OU83Lo0V3menzykzM905YQqnf4AGFH0mNTYtGLF2NdIQKw7K7ll1ze27 xVO+R4Uu/7gBUKQkUhV3m0WpSUazcnimID2yU9xfaVdrMXDLq6oKSncfkrZZ/Q4S xCuWHvFe7pYL0Z3KzGIQCvENXpCSSJYbKtXM4Me3TK+87Rr76jOEnivJ7Mvz+VAb yKXipEOy/3QtlYiyBIj0ViFiX9mDDc+U08u7dq1eYcFhu1tSO+iO2QMAVh5M7PlX U48OUxlQB7F0yxYyg5r4wTQXe2VPc7l1tpdayFcLEecuHAUZfh2ZMow0sHt34DPT WczxnG52BvsUAyRimBfY =qJT0 -----END PGP SIGNATURE----- This can be SO easily defeated by copy paste, why bother? Um, no, that failed to defeat it, it shows up as invalid to me, Quote Link to comment Share on other sites More sharing options...
Mergerberger II Posted December 4, 2009 Report Share Posted December 4, 2009 I fail to see why this is necessary in any way, shape, or form. Even if it was, I would not annoy the community by putting massive codes on every one of my posts so that they could 'ensure it was me'. The whole 'username' thing works quite nicely. Quote Link to comment Share on other sites More sharing options...
SleepiB Posted December 4, 2009 Author Report Share Posted December 4, 2009 if you read my OP, it applies to posts made by other people on my behalf, and to non-CN avenues of communication I would just stick the sig in a spoiler tag if it wasn't against the rules....... Quote Link to comment Share on other sites More sharing options...
Michael Schumacher Posted December 4, 2009 Report Share Posted December 4, 2009 I will trust that anything I receive from you Sleepi actually came from you. Quote Link to comment Share on other sites More sharing options...
Haflinger Posted December 4, 2009 Report Share Posted December 4, 2009 This is not a bad idea actually. Hmm, maybe it's time to generate a new keypair again. Quote Link to comment Share on other sites More sharing options...
Tomcat Posted December 4, 2009 Report Share Posted December 4, 2009 I could see people using this if the code could be shortened to a single line of text instead of that massive wall. Until then, thanks but no thanks. Quote Link to comment Share on other sites More sharing options...
Nintenderek Posted December 4, 2009 Report Share Posted December 4, 2009 if you read my OP, it applies to posts made by other people on my behalf, and to non-CN avenues of communicationI would just stick the sig in a spoiler tag if it wasn't against the rules....... And how would you stop people from copying the authentication code again? Quote Link to comment Share on other sites More sharing options...
SleepiB Posted December 5, 2009 Author Report Share Posted December 5, 2009 And how would you stop people from copying the authentication code again? By *not* giving out my private key. Quote Link to comment Share on other sites More sharing options...
Prime minister Johns Posted December 5, 2009 Report Share Posted December 5, 2009 People tend to say things in a particular recognizable fashion (Vocabulary, Favorite sayings, Common grammar/spelling mistakes, ect...) and if you are reasonably active you will gain experience with this for the active people (and usually important) and be able to tell if someone is being impersonated. Quote Link to comment Share on other sites More sharing options...
leprecon Posted December 5, 2009 Report Share Posted December 5, 2009 (edited) And how would you stop people from copying the authentication code again? I know people don't trust this way of authentication, but trust me, it is the kind that works. (simple wiki link) Anyways, this can be avoided by posting publicly who your alliance leaders are each time it changes, and only accepting alliance announcements if they have been made by one of those leaders. This kind of protection only protects against people hacking your cn forums account and making posts in your name. Knowing who rules a certain alliance is not always a matter of knowing who is who. When it has come so far that an alliances leadership is in dispute, a simple verification from one party will not suffice. Edited December 5, 2009 by leprecon Quote Link to comment Share on other sites More sharing options...
kriekfreak Posted December 5, 2009 Report Share Posted December 5, 2009 Who cares. Especially about TSO? Quote Link to comment Share on other sites More sharing options...
Requia Posted December 5, 2009 Report Share Posted December 5, 2009 (edited) And how would you stop people from copying the authentication code again? You don't, but the signature is a one time thing, if you write a different message you get a different sig. Only somebody with the private key can make a sig that matches the public key. Edit: If things are set up the way I have it and you try to copy/paste the code it looks like this: Of course if nobody else is set up like me that limits the usefulness. I could see people using this if the code could be shortened to a single line of text instead of that massive wall.Until then, thanks but no thanks. Moving to DSA instead of RSA would help here. The public key is still massive but the signatures are smaller. Example -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In publishing and graphic design, lorem ipsum[p][1][2] is the name given to commonly used placeholder text (filler text) to demonstrate the graphic elements of a document or visual presentation, such as font, typography, and layout. The lorem ipsum text, which is typically a nonsensical list of semi-Latin words, is a hacked version of a Latin text by Cicero, with words/letters omitted and others inserted, but not proper Latin[1][2] (see below: History and discovery). The closest English translation would be "pain itself" (dolorem = pain, grief, misery, suffering; ipsum = itself). -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.10) iEYEARECAAYFAksaYYwACgkQVSQziwksKA1o4wCdGKY4GiJfdoRL0UYlB7i9JtsY 90cAoKJ7jJQvEOGkKwV9KYzwgHNq2ZWV =YD2a -----END PGP SIGNATURE----- Edited December 5, 2009 by Requia Quote Link to comment Share on other sites More sharing options...
SleepiB Posted December 5, 2009 Author Report Share Posted December 5, 2009 or i could just post a link to the signature instead of putting it inline. Quote Link to comment Share on other sites More sharing options...
JCFalkenberg Posted December 5, 2009 Report Share Posted December 5, 2009 tbh, I doubt this will ever be necessary for me, but wth, its fun :v -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.12 (MingW32) mI0ESxrSRgEEAKdT22fVBabPM7tkSTtOo0tIgqRAXuXoN7MVk53ByOoNj5AGP8WL aLzWIqZ+wcGY3Fkc95tFL5pdqHMuccN45lEwCKf6dudEGG3rdYkSI1cVyCJHtxxj kxHIZUpg3wuC6+LrhROeHc4n10RiwcGuau8VtNrWdZ5tILThe8n6/L6hABEBAAG0 IkpDRmFsa2VuYmVyZyA8am9uZG9lOEBob3RtYWlsLmNvbT6IvgQTAQIAKAUCSxrS RgIbLwUJAeEzgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQAW3IvpG9Y61r NQP9GrEq4SPr3CD5R0MvCZ5GAtL7I6alu7+M+MVkzY1jIsNQK7fgWdBNKT861nc8 MVwbXjT3Q20p5/LhK/BLhc7CEN19bjW5rNBXRzfC0SRULce3/SEgFTkaryzpnf/c 4PaqKihTuH+p5HFAO4l50v5mN3h8lTEdDfJR8z5RRt5FwkS4jQRLGtJGAQQA7y+W LWqyAw+F3Df9wMUY6bEvcwkaFaqud7Zr/1C13Zs/aGiK9RJtSzroXBdQQuJanN1o 1mjyWK00sPd0c9GFKz8V5CpvTKJMIXXzV0pA3FJJ+rBsW+jRYQriAzZtSc6mmn9H pxB0BlzEGIHQwShqKaa4yhdIJ/bOpk9ZJK5DltkAEQEAAYkBQwQYAQIADwUCSxrS RgIbLgUJAeEzgACoCRABbci+kb1jrZ0gBBkBAgAGBQJLGtJGAAoJEEQk3C/3j0Bc I6wEAOlZx87eXBO7VQO6K0pQZEaf8uk2Pv96Es0aYzW6qAJjtKKPtP6ogqkQ+Tej 5m6Xq+yjsJJ7quhDYGEC6LRPwfwKX9JOWl5l8SAccvjOYHFKDkK1Ts36ygCzrXWE tSLetYy1h3EnFcRZX1E+i1TFHc/cqEeKEGu+glj9i4nseVy8EXEEAJdrkj4a8hKg 4r/BA2nVSeFTCV+O6KXs2oJ878mb8c21bPgU+YkIT5hV0qrXZOlYyhaJkqYugNxQ m7a/m0g0WHDOWoPwKGIFYmDut6W7KO7SEcs9j71PxKr0M7N43o76MNelC6qbn+sD DO9BFBcUYonsARDgostxlS7xCHdQwmKu =1ALM -----END PGP PUBLIC KEY BLOCK----- Quote Link to comment Share on other sites More sharing options...
Requia Posted December 5, 2009 Report Share Posted December 5, 2009 or i could just post a link to the signature instead of putting it inline. A good idea really, especially since the final adding of images, other signatures etc might invalidate the signature. Quote Link to comment Share on other sites More sharing options...
Tick1 Posted December 6, 2009 Report Share Posted December 6, 2009 By *not* giving out my private key. Cybernation forum passwords? What? Who'd have thought. Quote Link to comment Share on other sites More sharing options...
LOLtex Posted December 6, 2009 Report Share Posted December 6, 2009 I'm so confused. Quote Link to comment Share on other sites More sharing options...
TailsK Posted December 6, 2009 Report Share Posted December 6, 2009 What's to stop someone from posting a false key, or giving you false information to begin with? Quote Link to comment Share on other sites More sharing options...
Biazt Posted December 6, 2009 Report Share Posted December 6, 2009 The only problem here is this thread. Quote Link to comment Share on other sites More sharing options...
Haflinger Posted December 6, 2009 Report Share Posted December 6, 2009 All the people here who are confused as to how the OP would, in fact, actually make for more secure authentication need to read this: http://en.wikipedia.org/wiki/Public-key_cryptography Quote Link to comment Share on other sites More sharing options...
Tick1 Posted December 6, 2009 Report Share Posted December 6, 2009 I'm not confused. I'm just not worried. Quote Link to comment Share on other sites More sharing options...
Caffine Posted December 7, 2009 Report Share Posted December 7, 2009 Sticking it on !@#$%* and then linking it would work, and just be a single line on the post. Quote Link to comment Share on other sites More sharing options...
Crimius Posted December 7, 2009 Report Share Posted December 7, 2009 good idea. I would only include this on DoWs or treaty cancellations, though, since those are the only things where authenticity might matter. Quote Link to comment Share on other sites More sharing options...
Ejayrazz Posted December 7, 2009 Report Share Posted December 7, 2009 The only problem here is this thread. The problem is your avatar. Quote Link to comment Share on other sites More sharing options...
Louisa Posted December 7, 2009 Report Share Posted December 7, 2009 This is to certify that any and all persons, people and posters reading this are hereby entitled to use my name as authentication for whatsoever need they may have, unto eternity. /s/ Louisa, [titles and etc] Have things seriously gone so far that we need encrypted gibberish as signatures to treaties and similar? (If it has, then my stuff above is yours for the taking, and may it bring you hours of joy and comfort in your otherwise sad and empty lives ) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.