PlayStation 3 predicts next US president

Allen netsecurity at
Mon Dec 10 13:06:16 EST 2007

What puzzles me in all this long and rather arcane discussion is 
why isn't the solution of using a double hash - MD5 *and* SHA 
whatever. The odds of finding a double collision go way up.

Some open source software people are already doing this. I've 
played around with the sample files that are out there and find 
an easy way to do this but I don't have either the horsepower or 
skill to be at all definitive.

My gut tells me that using two processes that use different 
algorithms, even though compromised, will raise the bar so high 
that it would be secure for a long time.

At my skill level and horsepower I can't find even a single way 
to do this with CRC32 and MD5. Granted, that certainly doesn't 
mean a whole lot.

But to take a real world example, a safety deposit box, the two 
keys have to work together to open the box. It really does not 
matter if one is a Yale and the other a combination, either one 
of which is easily compromised by itself, but together you 
would have to find both at the same time to open the box, a lot 
tougher problem.



Francois Grieu wrote:
> william.allen.simpson at wrote:
>>  Dp := any electronic document submitted by some person, converted to its
>>        canonical form
>>  Cp := an electronic certificate irrefutably identifying the other person
>>        submitting the document
>>  Cn := certificate of the notary
>>  Tn := timestamp of the notary
>>  S() := signature of the notary
>>  S( MD5(Tn || Dp || Cp || Cn) ).
> In this context, the only thing that guards against an attack by
> "some person" is the faint hope that she can't predict the Tn
> that the notary will use for a Dp that she submits.
> That's because if Tn is known (including chosen) to "some person",
> then (due to the weakness in MD5 we are talking about), she can
> generate Dp and Dp' such that
>   S( MD5(Tn || Dp || Cp || Cn) ) = S( MD5(Tn || Dp' || Cp || Cn) )
> whatever Cp, Cn and S() are.
> If Tn was hashed after Dp rather than before, poof goes security.
>   Francois Grieu
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at
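
The point made in the quoted reply about where Tn sits in the hash input, as an added example that is not part of the original thread: a toy Merkle-Damgard hash (truncated SHA-256 as the compression function with a 24-bit chaining value, not MD5) in which collisions are cheap to find. The function names, block sizes, certificate strings and timestamps are constructed for illustration.

```python
import hashlib

BLOCK, STATE = 8, 3            # toy sizes: 8-byte blocks, 24-bit chaining value
IV = b"\x00" * STATE

def compress(state, block):
    # Stand-in compression function (truncated SHA-256); this is NOT MD5.
    return hashlib.sha256(state + block).digest()[:STATE]

def absorb(state, data):
    # Feed block-aligned data through the chain, return the chaining value.
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def toy_hash(msg):
    # Merkle-Damgard with length padding, the same construction MD5 uses.
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 4) % BLOCK) + len(msg).to_bytes(4, "big")
    return absorb(IV, padded)

def collide_after(prefix):
    # Birthday search: two different one-block documents that reach the same
    # chaining value after a known, block-aligned prefix.
    start, seen = absorb(IV, prefix), {}
    for n in range(1 << 25):   # pigeonhole guarantees a hit within 2**24 + 1
        block = n.to_bytes(BLOCK, "big")
        state = compress(start, block)
        if state in seen:
            return seen[state], block
        seen[state] = block

def notary_digest(tn, dp, cp=b"CERT-P--", cn=b"CERT-N--"):
    # The thread's layout: H(Tn || Dp || Cp || Cn)
    return toy_hash(tn + dp + cp + cn)

def notary_digest_tn_last(tn, dp, cp=b"CERT-P--", cn=b"CERT-N--"):
    # Variant with Tn hashed after Dp: H(Dp || Tn || Cp || Cn)
    return toy_hash(dp + tn + cp + cn)

if __name__ == "__main__":
    tn = b"20071210"                       # constructed timestamp, one block
    dp, dp2 = collide_after(tn)            # submitter predicted Tn
    print("Tn known:     ", notary_digest(tn, dp) == notary_digest(tn, dp2))
    other = b"20071211"                    # notary used a different Tn
    print("Tn different: ", notary_digest(other, dp) == notary_digest(other, dp2))
    a, b = collide_after(b"")              # Tn after Dp: no prediction needed
    print("Tn after Dp:  ", notary_digest_tn_last(other, a) == notary_digest_tn_last(other, b))
```

Because the two documents have equal length and agree on everything after the colliding block, the common suffix Cp || Cn and the padding carry the collision through to the final digest, so one signature covers both.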
