On Tue, 30 Aug 2005 17:15, Karsten Hilbert wrote: > That doesn't make any difference whatsoever. > > GNotary is about being able to prove the *integrity* of a > document not the truthfulness of the content.
It does make a huge difference With that attack you can equally well have two separate documents a priori - the principle is that MD5 sequentially processes blocks of data, meaning you can change just a single block with a collision block, and the whole of the document will still produce the same hash. With increasing availability of huge MD5sum databases where you can simply search for already existing collisions, you can handcraft a collision block that effectively changes data in a non-detectable way. Still rather difficult and certainly an effort, but doable. Horst _______________________________________________ Gnumed-devel mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnumed-devel
