PlayStation 3 predicts next US president
William Allen Simpson
william.allen.simpson at gmail.com
Sun Dec 9 20:33:53 EST 2007
Personally, I thought this horse was well drubbed, but the moderator let
this message through, so he must think it important to continue....
James A. Donald wrote:
> William Allen Simpson wrote:
> > The notary would never sign a hash generated by
> > somebody else. Instead, the notary generates its own
> > document (from its own tuples), and signs its own
> > document, documenting that some other document was
> > submitted by some person before some particular time.
>
> And how does it identify this "other document"?
>
Sorry, obviously I incorrectly assumed that we're talking to somebody
skilled in the art....
Reminding you that several of us have told you that a notary has the
document in her possession; and binds the document to a person; and that
we have rather a lot of experience in identifying documents (even for
simple things like email), such as the PGP digital timestamping service.
Assuming,

  Dp  := any electronic document submitted by some person, converted to its
         canonical form
  Cp  := an electronic certificate irrefutably identifying the other person
         submitting the document
  Cn  := certificate of the notary
  Tn  := timestamp of the notary
  S() := signature of the notary

  S( MD5(Tn || Dp || Cp || Cn) ).
Of course, I'm sure the formula could be improved, and there are
traditionally fields identifying the algorithms used, etc. -- or something
else I've forgotten off the top of my head -- but please argue about the
actual topic of this thread, instead of incessant strawmen.
> The notary is only safe from this flaw in MD5 if you
Another statement with no proof. As the original poster admitted, there is
not a practical preimage or second preimage attack on MD5 (yet).
> assume he is not using MD5 for its intended purpose.
>
As to "its intended purpose", rather than making one up, I've always relied
upon the statement of the designer:
... The MD5
algorithm is intended for digital signature applications, where a
large file must be "compressed" in a secure manner before being
encrypted with a private (secret) key under a public-key cryptosystem
such as RSA.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
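Added example, not part of the original message: a sketch of the notary record S( H(Tn || Dp || Cp || Cn) ) from the message above, with the algorithm-identifier field it mentions. The length-prefixed framing, the function names, the sample tuple and the toy unpadded RSA key standing in for S() are all assumptions made for illustration.

```python
import hashlib
import struct

# Constructed toy RSA key standing in for the notary's S(): two Mersenne
# primes, no padding. Illustration only, never a real signing key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def plain_digest(alg, tn, dp, cp, cn):
    """H(Tn || Dp || Cp || Cn), exactly as the formula is written."""
    return hashlib.new(alg, tn + dp + cp + cn).digest()


def framed_digest(alg, tn, dp, cp, cn):
    """Same tuple, with the algorithm name and every field length-prefixed
    (assumed framing), so field boundaries are part of what is hashed."""
    h = hashlib.new(alg)
    for field in (alg.encode(), tn, dp, cp, cn):
        h.update(struct.pack(">Q", len(field)) + field)
    return h.digest()


def notarize(alg, tn, dp, cp, cn):
    """The notary builds its own record from its tuple and signs the digest."""
    m = int.from_bytes(framed_digest(alg, tn, dp, cp, cn), "big")
    return pow(m, D, N)


def verify(sig, alg, tn, dp, cp, cn):
    """Recompute the digest from the claimed tuple and check the signature."""
    m = int.from_bytes(framed_digest(alg, tn, dp, cp, cn), "big")
    return pow(sig, E, N) == m


# Constructed sample tuple.
TN = b"2007-12-09T20:33:53Z"
DP = b"canonical form of the submitted document"
CP = b"submitter-certificate"
CN = b"notary-certificate"

if __name__ == "__main__":
    sig = notarize("md5", TN, DP, CP, CN)
    print(verify(sig, "md5", TN, DP, CP, CN))         # signed tuple
    print(verify(sig, "md5", TN, DP + b"!", CP, CN))  # altered document
    # Moving a byte across the Dp/Cp boundary: plain concatenation cannot tell.
    print(plain_digest("md5", TN, DP + CP[:1], CP[1:], CN)
          == plain_digest("md5", TN, DP, CP, CN))
```

Plain concatenation hashes the same bytes wherever the field boundaries fall; the framed form binds the boundaries and the algorithm name into the signed digest.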