[EMAIL PROTECTED] wrote:

>  Dp := any electronic document submitted by some person, converted to its
>        canonical form
>  Cp := an electronic certificate irrefutably identifying the other person
>        submitting the document
>  Cn := certificate of the notary
>  Tn := timestamp of the notary
>  S() := signature of the notary
> 
>  S( MD5(Tn || Dp || Cp || Cn) ).

In this context, the only thing that guards against an attack by
"some person" is the faint hope that she can't predict the Tn
that the notary will use for a Dp that she submits.

That's because if Tn is known (including chosen) to "some person",
then (due to the weakness in MD5 we are talking about), she can
generate Dp and Dp' such that
  S( MD5(Tn || Dp || Cp || Cn) ) = S( MD5(Tn || Dp' || Cp || Cn) )
whatever Cp, Cn and S() are.

If Tn was hashed after Dp rather than before, poof goes security.


  Francois Grieu

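The mechanics behind Grieu's point, as an added illustration that is not part of the original message: MD5 is a Merkle-Damgard hash, so once two equal-length inputs reach the same internal state, anything appended afterwards (here Cp and Cn) leaves the digests equal, and the notary's signature S() over equal digests is necessarily the same, "whatever Cp, Cn and S() are". The colliding pair used as Dp and Dp' below is the 128-byte pair published by Wang, Feng, Lai and Yu (2004), which was computed for an empty prefix, so the "attacker knows Tn" case is played by Tn being empty; a real attacker would run the collision search from the chaining state after the predicted Tn instead. The certificate bytes are constructed stand-ins, and the function names are mine.

```python
import hashlib

# Published MD5 collision (Wang et al., 2004): two distinct 128-byte inputs
# that reach the same internal state when hashed from MD5's standard IV,
# i.e. with an empty (known) prefix.  They play Dp and Dp' here.  The six
# differing bytes sit at offsets 19, 45, 59, 83, 109 and 123.
DP = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
DP_PRIME = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed stand-ins for the two certificates.  Their content is
# irrelevant to the attack, which is exactly the problem.
CP = b"-----CONSTRUCTED CERT: submitter-----"
CN = b"-----CONSTRUCTED CERT: notary-----"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_tn_first(tn: bytes, dp: bytes, cp: bytes, cn: bytes) -> bytes:
    """MD5(Tn || Dp || Cp || Cn), the layout in the quoted proposal."""
    return hashlib.md5(tn + dp + cp + cn).digest()


def digest_tn_last(tn: bytes, dp: bytes, cp: bytes, cn: bytes) -> bytes:
    """MD5(Dp || Cp || Cn || Tn), the layout Grieu says loses all security."""
    return hashlib.md5(dp + cp + cn + tn).digest()


def collides_tn_first(tn: bytes) -> bool:
    """Do Dp and Dp' yield the same notary digest when Tn is hashed first?

    True only when Tn is the prefix the collision was computed for (empty
    here).  Any other Tn changes the chaining value the colliding blocks
    start from, and the differential no longer holds.
    """
    return digest_tn_first(tn, DP, CP, CN) == digest_tn_first(tn, DP_PRIME, CP, CN)


def collides_tn_last(tn: bytes) -> bool:
    """Do Dp and Dp' yield the same notary digest when Tn is hashed last?

    True for every Tn: the collision is fixed before Tn is absorbed, so the
    notary's unpredictable timestamp protects nothing.
    """
    return digest_tn_last(tn, DP, CP, CN) == digest_tn_last(tn, DP_PRIME, CP, CN)


if __name__ == "__main__":
    ts = b"2005-01-01T12:00:00Z"  # constructed timestamp the attacker did not predict
    print("Dp == Dp'            :", DP == DP_PRIME)
    print("MD5(Dp), MD5(Dp')    :", md5_hex(DP), md5_hex(DP_PRIME))
    print("Tn first, Tn known   :", collides_tn_first(b""))
    print("Tn first, Tn unknown :", collides_tn_first(ts))
    print("Tn last, any Tn      :", collides_tn_last(ts))
```

Note that the "Tn known" case is the one that matters: an identical-prefix collision search like Wang's needs the chaining value at the start of the colliding blocks, which is why the submitter must be able to predict Tn, and why moving Tn after Dp removes even that obstacle.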
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
