PlayStation 3 predicts next US president
Dirk-Willem van Gulik
dirkx at webweaving.org
Wed Dec 5 04:55:03 EST 2007
On Dec 3, 2007, at 2:47 PM, William Allen Simpson wrote:
> Dirk-Willem van Gulik wrote:
>
>> Keep in mind that the notary is still 'careful' -- effectively they
>> sign the hash -- rather than the document; and state either such
>> (e.g. in the case of some software/code where you do not hand over
>> the actual code) or state that _a_ document was presented with said
>> hash.
>>
> And that makes all the difference. The digital notary is not certifying the
> original document. You described the notary generating its own tuples
> (credentials as presented, the hash, a timestamp, and a notarized declaration
> that such was presented). There is no problem, and the described attack does
> not apply.
Not sure - let's take a similar example - the role of Chamber of
Commerce in repetitive/renewal public tender/bid processes - who
essentially makes you use an RFC 3161 service to sign any MD5 (Well -
SHA1 is the actual default) for companies; typically a PDF or Word
document of a bid for the purpose of 'locking' in the date of
submission. And on unsealing day, which for tax reasons can be months
later, the govt. entity just checks the MD5s versus the RFC 3161
attest. (The reason for this time-stamping is threefold: a) make it
fair between entities regardless as to how good their postal system
is, b) 'date of postoffice' is a bit buyable in some places of the
world and c) some bid processes require the digital document to be
hand delivered on sealing day to alleviate the confidentiality burden
of the govt. of keeping the bids secure).

An in-house Mallory (at the bidder) may well want to tweak things a
bit and make several doctored copies with different bid levels; and
send in the one joint MD5 through the RFC 3161 service.

And then depending on the information leaking/gossip of the industry -
choose later than the others which one to 'really' submit. As its
competitors, as is common in the industry, tend to get a lot less
tight-lipped once the deadline has passed.

What is new is that Mallory can generate several documents with the
same MD5 with a few days of 'work'.

That endangers workflows where you assume that a party cannot
intentionally create more than one asset which has the same MD5.

Dw
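
A toy model of the unsealing check discussed in the message above, added here as an example and not part of the original post. `weak16` is a made-up 16-bit hash standing in for a collision-broken one (it is not MD5, and the search is plain brute force over 16 bits); the function names, the bid format and the timestamp are all constructed for illustration.

```python
import hashlib
from itertools import count

def weak16(data: bytes) -> str:
    """Toy stand-in for a collision-broken hash: the first 16 bits of SHA-256."""
    return hashlib.sha256(data).hexdigest()[:4]

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

HASHES = {"weak16": weak16, "sha256": sha256}

def attest(doc: bytes, alg: str, when: str) -> dict:
    """Timestamp service stand-in: records a digest and a time, never the document."""
    return {"alg": alg, "digest": HASHES[alg](doc), "time": when}

def unseal_check(doc: bytes, record: dict) -> bool:
    """Unsealing-day check: does the delivered document match the attested digest?"""
    return HASHES[record["alg"]](doc) == record["digest"]

def colliding_bids(alg: str, amounts=(100000, 90000)):
    """Vary a filler field until two bids with different amounts share a digest.
    Only feasible here because weak16 has 16 bits of output."""
    seen = {}  # digest -> (amount, document)
    for n in count():
        for amount in amounts:
            doc = f"bid={amount};filler={n}".encode()
            digest = HASHES[alg](doc)
            if digest in seen and seen[digest][0] != amount:
                return seen[digest][1], doc
            seen.setdefault(digest, (amount, doc))

def demo() -> dict:
    when = "2007-01-01T00:00:00Z"  # constructed timestamp
    bid_a, bid_b = colliding_bids("weak16")
    weak = attest(bid_a, "weak16", when)      # attest over the weak digest
    strong = attest(bid_a, "sha256", when)    # attest over a collision-resistant digest
    return {
        "distinct": bid_a != bid_b,
        "weak_accepts_a": unseal_check(bid_a, weak),
        "weak_accepts_b": unseal_check(bid_b, weak),
        "strong_accepts_a": unseal_check(bid_a, strong),
        "strong_accepts_b": unseal_check(bid_b, strong),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The attest binds only the digest, so under the weak hash both bids pass the unsealing check against a single timestamp record. Under SHA-256 only the document that was actually attested passes.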
---------------------------------------------------------------------
The Cryptography Mailing List