linuxmemes @lemmy.world shoki @lemmy.world 4 mo. ago

-----BEGIN PGP SIGNED MEME-----

53 comments

Is this one of those NFTs the kids are talking about?
- It's actually quite similar. Non-fungible since only OP has the private key but easy to steal by just downloading the image (and cropping the key if you want).
Has anyone confirmed that signature? I think it's not possible to have the signature as a part of the data itself. Kinda chicken egg problem
- Here you go:
  
  https://www.bleepingcomputer.com/news/security/this-image-shows-its-own-md5-checksum-and-its-kind-of-a-big-deal/
  
  (MD5 is not PGP, but impressive nonetheless)
  
  I opened the comment section to ask if it was possible to have an image with its own hash.
  Thanks.
  
  md5 has been broken for years, but thats pretty damn ~~cool~~ scary.
  
  Yeah that only due to md5 hash collisions though. That wouldn't work on sha for example
- *whispers* I stole that signature from cryptostorms warrant canary: https://cryptostorm.is/canary.txt
  
  You fraud.
  
  oh wow, cryptostorm is still around? cool!
- Hold on I gotta pgp sign my PGP sign so my pgp is signed and I know who it came from.
- yea would be interesting. but im also too lazy to type all that text in by hand to verify
  
  Here:
  
  iQIzBAEBCgAdFiEETYf5hKIig5JX/jalu9uZGunHyUIFAmaB8YEACgkQu9uZGunH yUKi7Q/+OJPzHWfGPtzk53KnMJ3C8KQGEUCzKkSKmE0ugdI 9h1Lj4SkvHpKWECK Y1GxNujMPRM/aAS2M97AEbtYolenWzgYm01wt131/hEG4tk+iYeB2Sfyvngbg5KI y4D7mapcVWYSf6S13vUX8VuyKeTxK6xdkp95E0wPVLfJwx505nHOnjLXxeW0IblY URLonem/yuBrJ6Ny3XX9+sKRKcdI9tOghMhTxPcQySXcTx1pAG7YE7G5UqTbJxis wy7LbYZB5Yy0F03CtRIkA+cclG4y2RMM9M9buHzXTWCyDuoQao68yEVh40dqwH1U 5AUnqdve5SiwygF/vc50Ila6VjJ4hyz1qVQnjqqD96p7CSVzVudLDDZMQZ8WvgLh gaEr51xJvH6p6/CP1ji4HHucbJf6BhtSqc8ID9KFfaXxjfZHiUtgsVDYMV0e7u9v 1hcDH/3kmw/JImX25qsEsBeQyzOJsBvx0YD31ZIwSY9+7KNGVQstFrEvCuVPHr72 BQJPIhg3+9g6m36+9Uhs1N6b8G9DsZ60gnNqr9dGturUg6CtRsLSpqoZq0ET9cLA tnFTJDaXgx1DZnsLGDSoQQYjZ3vS+YYZ8jG86KGLEyXVK+uSssvorm9YR1/GGOy7 suaxro72An+MxCczF5TIR9n3gisKvcwa8ZbdoaGd9cigyzWlYg8= =EgZm
- It might be possible to keep signing with a different key until it matches. But I assume the signature is of the above text.
  
  I mean if you're prepared to do it 2^128 times in a row...
- You can but you need to define what part of the data the signature covers (a signature can't sign itself, so it must be excluded from the data bundle). Signed PDF files has the signature appended after the document data
  
  Exactly. And even though there are message start and end markers it's not quite clear at which pixel the signed image starts and ends. Also the image format that is signed is not defined.
- signature in-band with the datastream is not an issue when using public keys. the signed message to be verified is delimited.
PGP? Surely you mean GnuPG.
- (Open)PGP is the protocol, GPG is just one application that implements it.
  
  Right. OpenPGP is the protocol. PGP is the original app, which predates the spec.
  
  Those names get really really confusing. I used GPG to use a PGP key. I get mixed up too much.
- Yeah, you're right. Who thought that it was a good idea to name two things that mean a similar thing PGP and GPG? It is so easy to use the wrong one..
  
  I try to keep things simple by only using GGG or PPP.
  
  Pretty Good Privacy (proprietary original)
  
  GNU Privacy Guard (open source clone)
  
  OpenPGP is the shared spec
- Oh not this again... 😂
How would I verify this signature
- OCR
- Type it in
  
  Which blob are you verifying?
  
  What about getting the image
I hid something in this image
- I see that fifth puppy u aint slick
  
  What if I told you..? That's right. Six puppies.
- Seriously? Some steganography going on in here?
  
  Yes
  
  Its an app on F-droid
Green is my pepper! 🫑
Just noticed the pepper stamp lol.
That's just nfts with extra steps /s
- *fewer

You've viewed 53 comments.