Watermarking returns+ graphical signatures
Glenn Steen
glenn.steen at gmail.com
Fri Jul 13 20:01:18 IST 2007
On 13/07/07, Matt Hampton <matt at coders.co.uk> wrote:
> Sattler, Tim wrote:
> > Julian Field wrote:
> >
> >> Firstly, the watermarking functionality has returned. But this time it
> >
> >> is implemented differently so is safe from all patent problems. It is
> >> implemented in pretty much the same way that milter-null does it.
> >
> > We have two MailScanner gateways both handling incoming and outgoing
> > mail, so the reply to a message does not necessarily come in the
> > same way the message went out. Does the watermarking functionality
> > work in such a setup as well?
>
> Yes - the hash is calculated on the envelope from and then various
> headers within the the message itself and combined with your secret and
> a timestamp. It is then added as a header.
>
> When the message comes back in it uses the envelope to and then looks
> for the headers in the message body and checks the match and the expiry.
>
> matt
>
Right, so how crackable will this be? Some of the headers will be ever
the same, as will the secret... I suppose you've added in some headers
that will change? and something else? so that it isn't obvious, with a
little knowledge, how to brute force the secret... and then have a
"highway" past MailScanner... Which would be, obviously, very bad...:)
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list