 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / Security / March 2007Office 2007 signature line
Greetings All, I'm not sure if this is the place to post, if not, please indicate me where to post it. I just got my hands on my new Office 2007 instalation disc, and everything was smoothly during the instalation. But I am a curious guy and was looking over each folder of the CD and I came across something very interesting. On almost each folder of the Office instalation there is a file called SETUP.XML and being a computer programmer ever since the dawn of times, I opened it up to see if I could learn something new. Every SETUP.XML file has an structure more or less like this: ----------------------------------------------------------- <?xml version="1.0" encoding="utf-8"?> <!--_SIG=[ base64 hash code ]--> <Setup Id="[Product ID]" Type="Product" ProductCode="{00000000-0000-0000-0000-000000000000}"> <PIDTemplate Value="[ProductID Template]"/> <Option /> <Option /> <Option /> </Setup> ----------------------------------------------------------- Ok as I understood from the XML file it would be pretty simple to add more options to an SETUP.XML file, and make it do almost everything... Yeah, yeah, I know about using "setup.exe /admin" to create an CONFIG.XML file that will automate the office instalation process. But like I said, I wanted to learn something new... and I did. Did you notice the [base64 hash code] above? THE HASH CODE IS 1024 BITS LONG!!!! No hash function I know generates a hash code this long... MD5, SHA1, SHA512... none of the usual suspects generates a hash value this long. I made some tests and I discovered that as long as you don't add any new element inside the XML file the file is not reported as corrupted. For instance you can add comments above the SETUP tag, or add some White Space between each element. But if you add a new element, even a comment, the file is reported corrupted and the setup process is aborted. My question is does any of you know what hash function generates a 1024 bits long hash value? And what is the function used here? Is this new function safer than the others hash functions? Regards, MstrControl On Mar 22, 6:36 pm, mstrcont...@gmail.com wrote: > Greetings All, > [quoted text clipped - 55 lines] > > MstrControl Hi, A hash is not signature and signature is not a hash. What you got is apparently RSA signature (but DSA signature could also be that size depending on the key size (when subgroup size q is about 512 bits and p is around 2048 bits). -Valery. On Mar 22, 6:36 pm, mstrcont...@gmail.com wrote: > Greetings All, > [quoted text clipped - 55 lines] > > MstrControl But, i can bet that this is RSA 1024 bits signature (one of the most used types of signature since 1979) -Valery Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.