With reference to Securing the Assignment Submission Protocol (Koh, Nov 05) which propose a way of securing the ASP against the attack highlighed in An Attack on Assignment Submission System (Teo, Nov 05), the author would like to comment on a possible weakness in the securing mechanisim, namely by questioning the validity of an assumptom made.

While the protocol goes to great length to ensure that k would be completely random and assumes to be hard to reproduce, the weak link is in the verification of the correctness of the signature.

The verification process is done my visually comparing a photograph of a swath of k against the actual colour of the signature. The human eye is easily tricked as can be seen in this example. Also taking a photograph quantizes k to one of about 65 million possible values. Coupled with the fact that lighting would corrupt the phototaking process, the validation key given the to students is not accurate given such a large threshold of error.

Therefore someone with malicious intent, Mallory does not have to reproduce the exact k which George picked but produce something close to the original which still lies within the large threshold of error. Furthermore, none of the students, including Bob has a record of the pattern created by Ah Meng thus Mallory can simply erase the existing signature with turpentine, and create a new pattern with his fake but undetectable k on a different mailbox, as in an adaptation to the attack described by Teo.