Greetings All,

I'm not sure if this is the place to post, if not, please indicate me
where to post it.

I just got my hands on my new Office 2007 instalation disc, and
everything was smoothly during the instalation. But I am a curious guy
and was looking over each folder of the CD and I came across something
very interesting.

On almost each folder of the Office instalation there is a file called
SETUP.XML and being a computer programmer ever since the dawn of
times, I opened it up to see if I could learn something new.

Every SETUP.XML file has an structure more or less like this:

-----------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?>
<!--_SIG=[ base64 hash code ]-->
<Setup Id="[Product ID]" Type="Product"
ProductCode="{00000000-0000-0000-0000-000000000000}">
<PIDTemplate Value="[ProductID Template]"/>
<Option />
<Option />
<Option />
</Setup>
-----------------------------------------------------------

Ok as I understood from the XML file it would be pretty simple to add
more options to an SETUP.XML file, and make it do almost everything...

Yeah, yeah, I know about using "setup.exe /admin" to create an
CONFIG.XML file that will automate the office instalation process.

But like I said, I wanted to learn something new... and I did.

Did you notice the [base64 hash code] above?

THE HASH CODE IS 1024 BITS LONG!!!!

No hash function I know generates a hash code this long... MD5, SHA1,
SHA512... none of the usual suspects generates a hash value this long.

I made some tests and I discovered that as long as you don't add any
new element inside the XML file the file is not reported as corrupted.

For instance you can add comments above the SETUP tag, or add some
White Space between each element. But if you add a new element, even a
comment, the file is reported corrupted and the setup process is
aborted.

My question is does any of you know what hash function generates a
1024 bits long hash value?
And what is the function used here?
Is this new function safer than the others hash functions?

Regards,

MstrControl

On Mar 22, 6:36 pm, mstrcont... (AT) gmail (DOT) com wrote:
Hi,
A hash is not signature and signature is not a hash. What you got is
apparently RSA signature (but DSA signature could also be that size
depending on the key size (when subgroup size q is about 512 bits and
p is around 2048 bits).
-Valery.

On Mar 22, 6:36 pm, mstrcont... (AT) gmail (DOT) com wrote:
But, i can bet that this is RSA 1024 bits signature (one of the most
used types of signature since 1979)

-Valery