PlayStation 3 predicts next US president

Francois Grieu fgrieu at
Mon Dec 10 09:11:54 EST 2007

william.allen.simpson at wrote:

>  Dp := any electronic document submitted by some person, converted to its
>        canonical form
>  Cp := a electronic certificate irrefutably identifying the other person
>        submitting the document
>  Cn := certificate of the notary
>  Tn := timestamp of the notary
>  S() := signature of the notary
>  S( MD5(Tn || Dp || Cp || Cn) ).

In this context, the only thing that guards agains an attack by
"some person" is the faint hope that she can't predict the Tn
that the notary will use for a Dp that she submits.

That's because if Tn is known (including chosen) to "some person",
then (due to the weakness in MD5 we are talking about), she can
generate Dp and Dp' such that
  S( MD5(Tn || Dp || Cp || Cn) ) = S( MD5(Tn || Dp' || Cp || Cn) )
whatever Cp, Cn and S() are.

If Tn was hashed after Dp rather than before, poof goes security.

  Francois Grieu

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list