Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!hao!gatech!bloom-beacon!mit-eddie!apollo!rees
From: rees@apollo.uucp (Jim Rees)
Newsgroups: news.admin
Subject: Re: Forgeries: a suggestion for bringing them under control
Message-ID: <3a5b736b.b8ab@apollo.uucp>
Date: 18 Feb 88 13:51:00 GMT
References: <1861@epimass.EPI.COM> <14276@oddjob.UChicago.EDU> <586@nusdhub.UUCP>
Organization: Apollo Computer, Chelmsford, Mass.
Lines: 22


    The information used is:
    	1) the four [or less] characters directly proceding the
    		"@" in the message id.
    
    ...
    
    	Item 1 is used to generate a two-column key.  the even
    numbered columns forming one key and the odd forming the other.
    Becaues the key is basied on the accession number portion of
    the message id, no two messages from the same source user&machine
    will have the same key.

Not true.  The usenet message interchange standard only says that the
entire message-id is unique.  For some machines, like notes gateways
(never thought I'd be defending them!) and Apollos running distributed
news, the last four bytes preceeding the '@' are almost guaranteed to
be the same every time.

There are other holes in this scheme as well.  It doesn't alter the
fundamental ease with which forgeries can be made, if I understand
it correctly.