gnumed-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] GNotary


From: Syan Tan
Subject: Re: [Gnumed-devel] GNotary
Date: Tue, 30 Aug 2005 08:23:30 +0800

the problem with the networked gnotary idea seemed to be uptake : would people who ran gnotaries always be independent ?

Hashing the logs and publishing it in a paper seems to be a good idea. At a document level, if the document was a program and
the program was obfuscatable, and the hash was md5 , then you could do the 2-documents-in-1-with-switching-on-the-identically-hashing-appended-block attack.






On Sun Aug 28 13:56 , Karsten Hilbert sent:

On Sun, Aug 28, 2005 at 08:39:38AM +0800, Syan Tan wrote:
> X-Mailer: AtMail 4.03
>
> How does gnotary prevent the timestamps in signatures from being altered at a later time
It doesn't. But doing so renders the signature invalid.

> , or a stored signature of an original document be replaced with a different
> signature of a different document at some other time , and that altered signature
> also being passed on to colluding client ?
What help is that to potential cheaters ? You keep a signed
hash of the document. If you hash the original it needs to
produce the same value as the signed hash shows.

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346


_______________________________________________
Gnumed-devel mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/gnumed-devel



reply via email to

[Prev in Thread] Current Thread [Next in Thread]