[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnumed-devel] GNotary
|
From: |
Tim Churches |
|
Subject: |
Re: [Gnumed-devel] GNotary |
|
Date: |
Wed, 31 Aug 2005 04:53:42 +1000 |
|
User-agent: |
Mozilla Thunderbird 1.0 (Windows/20041206) |
Sebastian Hilbert wrote:
> On Tuesday 30 August 2005 02:23, Syan Tan wrote:
>
>>the problem with the networked gnotary idea seemed to be uptake : would
>>people who ran gnotaries always be independent ?
>
>
>>Hashing the logs and publishing it in a paper seems to be a good idea. At a
> document level, if the document was a program and the program was
> obfuscatable, and the hash was md5 , then you could do the
>>2-documents-in-1-with-switching-on-the-identically-hashing-appended-block
>>attack.
Yes, but the Daum and Lucks attack (2 documents-in-one), although
clever, is trivial to discover and now that it is described, every
document whcih is a programme (i.e Postscript, PDF, MS-Word, OpenOffice
doc etc etc - needs to be inspected using a byte editor to check for the
attack, and not just printed out.
> The hash is not md5 nut sha256 and ripmd160. I hope this makes a differences.
> If not. Tough luck.
SHA256 is thought to be quite safe against both colision and pre-image
attacks for now.
Tim C