PlayStation 3 predicts next US president

William Allen Simpson william.allen.simpson at
Sun Dec 2 11:26:20 EST 2007

James A. Donald wrote:
> A notary is a certifier.  Have you ever seen a notary
> read the stuff he notarizes, let alone generate it?
Actually, I deal with notaries regularly.  I've always had to
physically sign while watched by the notary.  They always
read the stuff notarized, and my supporting identification,
because they are notarizing a signature (not a document).

And yes, they always generate the stamp or imprint they sign.
To do otherwise would be irresponsible (and illegal).

> Suppose you sign a contract - by signing the MD5 hash of
> the contract.  Unfortunately the guy who prepared the
> contract prepared two slightly different contracts, one
> of which is more favorable to him and less favorable to
> you than the one you actually signed.  Both contracts
> have the same MD5 hash.
I've digitally signed contracts, that I prepared and verified,
on plaintext documents using PGP.  So far, I've seen no such
exploit described nor quantified.

There's this silly idea that's been floating around that a
digital signature is somehow equivalent to a human signature.
Or worse, somehow better?!?!  Heck, current U.S. law counts a
digitized sound as a signature!?!?

(Folks have lost money on this snake oil.  They deserved it.)

Anyway, this is irrelevant to the original topic.  That is:

   This implies a vulnerability in software integrity protection
   and code signing schemes that still use MD5.

Please quantify your spurious allegations (and stay on topic).

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list