Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Let's not pretend cryptographic signing of emails makes them immune to tampering. This makes it essentially a guarantee that they were not modified between Point A and Point B but that's about it.

I'm not saying they were or weren't modified nor am I saying it's even a good theory they were modified but we shouldn't make cryptographic signing sound more capable than it is.



? Can you explain? My understanding is that the signatures are still on the dumped emails and that one purpose of digital signatures is non repudiation - essentially immunity to tampering.


The most obvious method of attack is to steal the email server's private key. Something a state level attacker is probably capable of.

There were a few other methods of attack proposed when this first came out. The most likely was the vulnerability of 1024 bit RSA that was used here. There are concerns that 1024 bit RSA may be vulnerable to well financed attackers.


Has anybody alleged that the private key was stolen or cracked? Can you cite anything at all or is this just conspiracy theory?


It's not a conspiracy theory because I'm not alleging it happened, but it is likely something that the Russian government is capable of.

Given that very real possibility, the digital signatures aren't ironclad proof, which is what the poster above was saying.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: