> There are no circumstances in which any reputable
> certifier will ever certify any of the "multitude"
> containing a hidden pdf image, especially where
> generated by another party.

So the certifier is going to go through each thing he certifies, to make sure there is nothing funny about it? The whole point of MD5 is to automate that stuff. If an actual human has to go through it, and understand what it means, and certify the *meaning*, then there is no reason to take an MD5 hash.

> The attack requires the certifier to be compromised,
> either to certify documents that the certifier did not
> generate

That is what certifiers do. It is what they are supposed to do. You seem to have confused certification with signing.

> or to include the chosen text (hidden image) in its
> documents in exactly the correct location.

If it is a certifier, these are not "its" documents.
