23 Feb
2017
23 Feb
'17
7:48 p.m.
On Thu, 23 Feb 2017 19:28:44 -0500, Jon Lewis said:
Doing it with an ASCII document, source code, or even something like a Word document (containing only text and formatting), and having it not be obvious upon inspection of the documents that the "imposter" document contains some "specific hash influencing 'gibberish'" would be far more disturbing.
Keep in mind that there's *lots* of stuff that people might want to sign that aren't flat ASCII. For instance, the video that just came out of that police officer's bodycam. If the "gibberish" is scattered across the pixels, you'll never know. And let's face it - if you need to do an inspection because you don't trust the hash to have done its job - *the hash has failed to do its job*.