PlayStation 3 predicts next US president
William Allen Simpson
william.allen.simpson at gmail.com
Sun Dec 2 11:26:20 EST 2007
James A. Donald wrote:
> A notary is a certifier. Have you ever seen a notary
> read the stuff he notarizes, let alone generate it?
>
Actually, I deal with notaries regularly. I've always had to
physically sign while watched by the notary. They always
read the stuff notarized, and my supporting identification,
because they are notarizing a signature (not a document).
And yes, they always generate the stamp or imprint they sign.
To do otherwise would be irresponsible (and illegal).
> Suppose you sign a contract - by signing the MD5 hash of
> the contract. Unfortunately the guy who prepared the
> contract prepared two slightly different contracts, one
> of which is more favorable to him and less favorable to
> you than the one you actually signed. Both contracts
> have the same MD5 hash.
>
I've digitally signed contracts, that I prepared and verified,
on plaintext documents using PGP. So far, I've seen no such
exploit described nor quantified.
There's this silly idea that's been floating around that a
digital signature is somehow equivalent to a human signature.
Or worse, somehow better?!?! Heck, current U.S. law counts a
digitized sound as a signature!?!?
(Folks have lost money on this snake oil. They deserved it.)
Anyway, this is irrelevant to the original topic. That is:
This implies a vulnerability in software integrity protection
and code signing schemes that still use MD5.
Please quantify your spurious allegations (and stay on topic).
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list