[3447] in cryptography@c2.net mail archive
Hidden WebTV signatures
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Sun Oct 11 22:07:18 1998
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@c2.net
Reply-To: pgut001@cs.auckland.ac.nz
Date: Mon, 12 Oct 1998 03:30:36 (NZDT)
For those of you who don't read sci.crypt, Robert Ames <gnome@istar.ca> has
posted an article in which he observes that all WebTV posts contain an
X-WebTV-Signature: line containing base64-encoded data. For samples of
WebTV-generated posts, try the alt.weemba newsgroup, which is filled with
WebTV-user drool (caution: remember to employ protection when exposting your
mind to the content of the messages). Some samples:
X-WebTV-Signature: 1
ETAsAhQDqtur/jfleJ2CDOnNrVoeyALEQAIUOQyCBbzjx5HHfxeMERDgCjztXOU=
X-WebTV-Signature: 1
ETAtAhUAmCCzQt+Tqt6fNX+L9+gDCECaqQkCFA0YCPz5tk85mUgq7iX/u4vWvOgG
These decode into ASN.1-encoded DSA signatures, eg:
1 30 45: SEQUENCE {
3 02 21: INTEGER
: 00 98 20 B3 42 DF 93 AA DE 9F 35 7F 8B F7 E8 03
: 08 40 9A A9 09
26 02 20: INTEGER
: 0D 18 08 FC F9 B6 4F 39 99 48 2A EE 25 FF BB 8B
: D6 BC E8 06
: }
for the second one. The key isn't included in the header, presumably the
@webtv.net address can be tied to the hardware which contains some hardcoded
DSA key. I wonder if WebTV users know they're signing each message they send?
Peter.
