PlayStation 3 predicts next US president

Francois Grieu fgrieu at gmail.com
Mon Dec 10 09:11:54 EST 2007


william.allen.simpson at gmail.com wrote:

>  Dp := any electronic document submitted by some person, converted to its
>        canonical form
>  Cp := an electronic certificate irrefutably identifying the other person
>        submitting the document
>  Cn := certificate of the notary
>  Tn := timestamp of the notary
>  S() := signature of the notary
> 
>  S( MD5(Tn || Dp || Cp || Cn) ).

In this context, the only thing that guards against an attack by
"some person" is the faint hope that she can't predict the Tn
that the notary will use for a Dp that she submits.

That's because if Tn is known (including chosen) to "some person",
then (due to the weakness in MD5 we are talking about), she can
generate Dp and Dp' such that
  S( MD5(Tn || Dp || Cp || Cn) ) = S( MD5(Tn || Dp' || Cp || Cn) )
whatever Cp, Cn and S() are.

If Tn was hashed after Dp rather than before, poof goes security.


  Francois Grieu

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
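
Added example, not part of the original message: a toy Merkle-Damgard hash (24-bit chaining value from truncated SHA-256, standing in for MD5 so a collision can be brute-forced) showing that a submitter who knows Tn gets equal digests, and hence equal input to S(), whatever Cp and Cn are, and that Tn need not be known at all when it is hashed after Dp. The function names, the 8-byte timestamp format and the certificate strings are assumptions made for the illustration.

```python
import hashlib
from itertools import count

BLOCK = 8   # toy block size in bytes (MD5 uses 64)
STATE = 3   # toy 24-bit chaining value, so a birthday search takes milliseconds
IV = b"\x00" * STATE

def compress(state: bytes, block: bytes) -> bytes:
    # Stand-in compression function: SHA-256 truncated to STATE bytes.
    return hashlib.sha256(state + block).digest()[:STATE]

def absorb(state: bytes, data: bytes) -> bytes:
    # Merkle-Damgard iteration over whole blocks.
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def toy_md(msg: bytes) -> bytes:
    # Length padding in the style of MD5: 0x80, zeros, then the message length.
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 4) % BLOCK) + len(msg).to_bytes(4, "big")
    return absorb(IV, padded)

def collide_after(prefix: bytes):
    # Find Dp != Dp' (one block each) with the same chaining value after prefix.
    assert len(prefix) % BLOCK == 0, "toy search needs a block-aligned prefix"
    start, seen = absorb(IV, prefix), {}
    for i in count():
        dp = i.to_bytes(BLOCK, "big")
        state = compress(start, dp)
        if state in seen:
            return seen[state], dp
        seen[state] = dp

CP, CN = b"cert-of-submitter", b"cert-of-notary"   # constructed sample values

def digest_tn_first(tn: bytes, dp: bytes) -> bytes:   # layout of the quoted scheme
    return toy_md(tn + dp + CP + CN)
def digest_dp_first(tn: bytes, dp: bytes) -> bytes:   # layout with Tn hashed after Dp
    return toy_md(dp + tn + CP + CN)

if __name__ == "__main__":
    tn = b"20071210"                  # constructed timestamp the submitter predicted
    dp, dp2 = collide_after(tn)
    print("Tn known:", digest_tn_first(tn, dp) == digest_tn_first(tn, dp2))
    print("Tn wrong:", digest_tn_first(b"20071211", dp) == digest_tn_first(b"20071211", dp2))
    dq, dq2 = collide_after(b"")      # collision prepared without any Tn
    print("Dp first:", digest_dp_first(tn, dq) == digest_dp_first(tn, dq2))
```

The pair found for one Tn stops colliding as soon as the notary uses a different Tn, while the pair found with an empty prefix collides under every timestamp in the Dp-first layout.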


