Watermarking returns+ graphical signatures

--[ UxBoD ]-- uxbod at splatnix.net
Fri Jul 13 20:08:09 IST 2007 

Glenn,

Have it installed now, and the fact that MD5 is being used then I would
imagine very secure.  I have not looked at the code yet to see how easy it
would be to reverse engineer, but I reckon that all is good.

I am still disappointed that no one has posted the patent pending number
for the FSL solution.  Would be very intestering reading, especially due to
what this watermark is doing and without effecting the US patent ie.
additional header and encrypted with key.

Regards,

On Fri, 13 Jul 2007 21:01:18 +0200, "Glenn Steen" <glenn.steen at gmail.com>
wrote:
> On 13/07/07, Matt Hampton <matt at coders.co.uk> wrote:
>> Sattler, Tim wrote:
>> > Julian Field wrote:
>> >
>> >> Firstly, the watermarking functionality has returned. But this time
> it
>> >
>> >> is implemented differently so is safe from all patent problems. It is
>> >> implemented in pretty much the same way that milter-null does it.
>> >
>> > We have two MailScanner gateways both handling incoming and outgoing
>> > mail, so the reply to a message does not necessarily come in the
>> > same way the message went out. Does the watermarking functionality
>> > work in such a setup as well?
>>
>> Yes - the hash is calculated on the envelope from and then various
>> headers within the the message itself and combined with your secret and
>> a timestamp. It is then added as a header.
>>
>> When the message comes back in it uses the envelope to and then looks
>> for the headers in the message body and checks the match and the expiry.
>>
>> matt
>>
> Right, so how crackable will this be? Some of the headers will be ever
> the same, as will the secret... I suppose you've added in some headers
> that will change? and something else? so that it isn't obvious, with a
> little knowledge, how to brute force the secret... and then have a
> "highway" past MailScanner... Which would be, obviously, very bad...:)
> 
> Cheers
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
-- 
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list