What puzzles me in all this long and rather arcane discussion is why the solution isn't to use a double hash - MD5 *and* SHA whatever. The odds of finding a double collision go way up.

Some open source software people are already doing this. I've played around with the sample files that are out there and find an easy way to do this but I don't have either the horsepower or skill to be at all definitive.

My gut tells me that using two processes that use different algorithms, even though compromised, will raise the bar so high that it would be secure for a long time.

At my skill level and horsepower I can't find even a single way to do this with CRC32 and MD5. Granted, that certainly doesn't mean a whole lot.

But to take a real world example, a safety deposit box, the two keys have to work together to open the box. It really does not matter if one is a Yale and the other a combination, either one of which is easily compromised by itself, but together you would have to find both at the same time to open the box, a lot tougher problem.

Best,

Allen

Francois Grieu wrote:
[EMAIL PROTECTED] wrote:

 Dp := any electronic document submitted by some person, converted to its
       canonical form
 Cp := an electronic certificate irrefutably identifying the other person
       submitting the document
 Cn := certificate of the notary
 Tn := timestamp of the notary
 S() := signature of the notary

 S( MD5(Tn || Dp || Cp || Cn) ).

In this context, the only thing that guards against an attack by
"some person" is the faint hope that she can't predict the Tn
that the notary will use for a Dp that she submits.

That's because if Tn is known (including chosen) to "some person",
then (due to the weakness in MD5 we are talking about), she can
generate Dp and Dp' such that
  S( MD5(Tn || Dp || Cp || Cn) ) = S( MD5(Tn || Dp' || Cp || Cn) )
whatever Cp, Cn and S() are.

If Tn was hashed after Dp rather than before, poof goes security.


  Francois Grieu

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

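Neither message in the thread shows code, so the following is an added example, not from Allen, Francois Grieu or any notary implementation. It uses a constructed 16-bit Merkle-Damgård hash (not MD5; real MD5 collisions need dedicated tooling) to make Francois's two claims concrete: a Dp/Dp' pair built for a known Tn prefix keeps colliding whatever Cp and Cn follow, and a pair built at the IV survives any Tn appended afterwards. It also counts how many block pairs collide under one hash alone versus under two hashes at once, which is the "two keys" intuition from the reply. The function names, IV constants, sample timestamp and certificate strings are all assumptions made for the example.

```python
"""Toy Merkle-Damgard hash illustrating the two points in the thread.

Everything here is constructed for the example: a 16-bit state and 2-byte
blocks make collisions findable by exhaustive search. It is not MD5 and it
is not anyone's notary software.
"""
from collections import Counter

BLOCK = 2          # bytes per block (assumption: tiny, so a full search is instant)
MASK = 0xFFFF      # 16-bit chaining state
IV = 0x1234        # constructed IV of "hash #1" (stands in for MD5)
IV_ALT = 0xBEEF    # constructed IV of "hash #2" (stands in for the second algorithm)


def compress(state: int, block: int) -> int:
    """One compression step. The squaring is deliberately non-injective, so
    every chaining state has distinct blocks that map to the same output."""
    x = (state ^ block) & MASK
    x = (x * 0x6F4F + 0x2C9B) & MASK   # bijective mixing (odd multiplier)
    x ^= x >> 5                        # xorshift, still bijective
    x = (x * x + 0x5BD1) & MASK        # x and -x (among others) collide here
    return (x ^ (state << 3)) & MASK   # bijective in x for a fixed state


def pad(data: bytes) -> bytes:
    """MD strengthening: 0x80, zero fill to a block boundary, 16-bit length.
    Two inputs of equal length pad identically."""
    out = data + b"\x80"
    while len(out) % BLOCK:
        out += b"\x00"
    return out + (len(data) & MASK).to_bytes(2, "big")


def absorb(state: int, data: bytes) -> int:
    """Feed whole blocks through the chain; len(data) must be a multiple of BLOCK."""
    for i in range(0, len(data), BLOCK):
        state = compress(state, int.from_bytes(data[i:i + BLOCK], "big"))
    return state


def toy_md(data: bytes, iv: int = IV) -> int:
    return absorb(iv, pad(data))


def notary_digest(tn: bytes, dp: bytes, cp: bytes, cn: bytes, iv: int = IV) -> int:
    """What the notary signs: H(Tn || Dp || Cp || Cn), as written in the quoted post."""
    return toy_md(tn + dp + cp + cn, iv)


def find_block_collision(prefix: bytes, iv: int = IV):
    """Two distinct one-block values that leave the chain in the same state after
    `prefix`. Later blocks (Cp, Cn, padding) only ever see that state, so any
    common suffix keeps the two messages colliding."""
    state = absorb(iv, prefix)
    seen = {}
    for b in range(1 << (8 * BLOCK)):
        out = compress(state, b)
        if out in seen:
            return seen[out].to_bytes(BLOCK, "big"), b.to_bytes(BLOCK, "big")
        seen[out] = b
    raise RuntimeError("unreachable: compress() is not injective in the block")


def count_colliding_pairs(prefix: bytes):
    """Block pairs colliding under hash #1 alone versus under both hashes at once.
    Joux (CRYPTO 2004) showed concatenating iterated hashes is weaker than this
    count suggests, but both conditions must still hold simultaneously."""
    s1, s2 = absorb(IV, prefix), absorb(IV_ALT, prefix)
    single = Counter(compress(s1, b) for b in range(1 << (8 * BLOCK)))
    both = Counter((compress(s1, b), compress(s2, b)) for b in range(1 << (8 * BLOCK)))

    def pairs(counter):
        return sum(k * (k - 1) // 2 for k in counter.values())

    return pairs(single), pairs(both)


def demo():
    tn = b"20050115"                              # constructed, predictable timestamp
    cp, cn = b"cert:submitter", b"cert:notary"    # constructed certificates, content irrelevant
    other_tns = [b"20050116", b"20050117", b"20050118", b"20050119"]
    dp, dp2 = find_block_collision(tn)            # pair made for the known Tn prefix
    dq, dq2 = find_block_collision(b"")           # pair made at the IV, for Tn-after-Dp
    return {
        "dp": dp, "dp2": dp2,
        "collides_with_known_tn": notary_digest(tn, dp, cp, cn) == notary_digest(tn, dp2, cp, cn),
        "collides_with_other_tn": [notary_digest(t, dp, cp, cn) == notary_digest(t, dp2, cp, cn)
                                   for t in other_tns],
        "tn_after_dp_always_collides": all(toy_md(dq + t + cp + cn) == toy_md(dq2 + t + cp + cn)
                                           for t in [tn] + other_tns),
        "pairs_single_hash_vs_both": count_colliding_pairs(tn),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The pair found for the known Tn only works at that Tn because the attacker needed the exact chaining state after the prefix; that is the "faint hope" in the quoted reply, and also why a notary that draws Tn from a source the submitter cannot predict, and hashes it first, is in a much better position than one that appends it. The pair count at the end shows the double-hash idea in miniature: many block pairs collide under one toy hash, very few under both.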
