gnumed-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] GNotary


From: Karsten Hilbert
Subject: Re: [Gnumed-devel] GNotary
Date: Wed, 31 Aug 2005 17:00:23 +0200
User-agent: Mutt/1.5.9i

On Tue, Aug 30, 2005 at 10:28:48PM +0000, Horst Herb wrote:
> User-Agent: KMail/1.7.2
> 
> On Tue, 30 Aug 2005 17:15, Karsten Hilbert wrote:
> > That doesn't make any difference whatsoever.
> >
> > GNotary is about being able to prove the *integrity* of a
> > document not the truthfulness of the content.
> 
> It does make a huge difference
I can't see why. It is in your - the user's - responsibility
to use strong enough hashes. And no matter how strong a hash
you use the notary concept is never about proving the
*content* of a document. Only ever the *integrity*.

Syan asked how GNotary helped him prove that a document
contains a certain content. The answer is, it does not.
Neither does it intend to. It only proves that you did not
alter whatever you sent to the gnotary. For that, gnotary
itself needs to use sufficiently strong tools, true.

> With that attack you can equally well have two separate documents a priori - 
> the principle is that MD5 sequentially processes blocks of data, meaning you 
> can change just a single block with a collision block, and the whole of the 
> document  will still produce the same hash.
So what ? You can still prove that you did not change the
hash value that was notarized. The hash value is separate
from the document itself. Too bad you used a weak hash that
does not allow you to link the signed hash to the supposedly
hashed document (anymore).

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346




reply via email to

[Prev in Thread] Current Thread [Next in Thread]