On Tue, Aug 30, 2005 at 08:23:30AM +0800, Syan Tan wrote: > Hashing the logs and publishing it in a paper seems to be a good idea. ... suggested by none other than Bruce Schneier, certainly someone with a clue.
> At a > document level, if the document was a program and > the program was obfuscatable, and the hash was md5 , then you could do the > 2-documents-in-1-with-switching-on-the-identically-hashing-appended-block > attack. I cannot follow that. If you are referring to collisions in a hash - yes, that's a risk. So you better use strong (for now) hashes and several hashes of different kinds at the same time. Again, as suggested by Bruce Schneier. Assuming one hash getting "broken" - eg an attack being found using which one can produce collisions as needed - immediately hash your entire back-log of hashes with the strongest hash available *then* and have that re-gnotarized. Karsten -- GPG key ID E4071346 @ wwwkeys.pgp.net E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346 _______________________________________________ Gnumed-devel mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnumed-devel
