PlayStation 3 predicts next US president

William Allen Simpson william.allen.simpson at
Sun Dec 9 20:33:53 EST 2007

Personally, I thought this horse was well drubbed, but the moderator let
this message through, so he must think it important to continue....

James A. Donald wrote:
> William Allen Simpson wrote:
>  > The notary would never sign a hash generated by
>  > somebody else.  Instead, the notary generates its own
>  > document (from its own tuples), and signs its own
>  > document, documenting that some other document was
>  > submitted by some person before some particular time.
> And how does it identify this "other document"?
Sorry, obviously I incorrectly assumed that we're talking to somebody
skilled in the art....

Reminding you that several of us have told you that a notary has the
document in her possession; and binds the document to a person; and that
we have rather a lot of experience in identifying documents (even for
simple things like email), such as the PGP digital timestamping service.

   Dp := any electronic document submitted by some person, converted to its
         canonical form
   Cp := a electronic certificate irrefutably identifying the other person
         submitting the document
   Cn := certificate of the notary
   Tn := timestamp of the notary
   S() := signature of the notary

   S( MD5(Tn || Dp || Cp || Cn) ).

Of course, I'm sure the formula could be improved, and there are
traditionally fields identifying the algorithms used, etc. -- or something
else I've forgotten off the top of my head -- but please argue about the
actual topic of this thread, instead of incessant strawmen.

> The notary is only safe from this flaw in MD5 if you

Another statement with no proof.  As the original poster admitted, there is
not a practical preimage or second preimage attack on MD5 (yet).

> assume he is not using MD5 for its intended purpose.
As to "its intended purpose", rather than making one up, I've always relied
upon the statement of the designer:

    ... The MD5
    algorithm is intended for digital signature applications, where a
    large file must be "compressed" in a secure manner before being
    encrypted with a private (secret) key under a public-key cryptosystem
    such as RSA.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list