[9202] in cryptography@c2.net mail archive
Re: Anonymous Credit
daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Sep 3 14:35:01 2001
To: ukcrypto@chiark.greenend.org.uk
Cc: Coderpunks <coderpunks@toad.com>,
Cryptography <cryptography@wasabisystems.com>
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 03 Sep 2001 19:44:27 +0200
In-Reply-To: <3B91416C.BA16458E@algroup.co.uk> (Ben Laurie's message of "Sat, 01 Sep 2001 21:13:32 +0100")
Message-ID: <tgheukf9tw.fsf@mercury.rus.uni-stuttgart.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Ben Laurie <ben@algroup.co.uk> writes:
> Note that you should be rather careful about leaving the private key
> lying around, just in case someone guesses who you are. And, in case it
> isn't obvious, don't use the key for anything else.
Do you really need public key cryptography? What about this: Just
remember some phrase, calculate a cryptographic hash of the phrase and
the document in sequence, and publish the document along with the
hash. If the hash is safe, only you should be able to reveal the
prefix which yields the pubished hash together with the document.
(This assumes that no man-in-the-middle attacks are possible before
the public dissemination of the document and the hash. For example,
the publisher might replace the hash with his own creation.)
[Moderator's note: an HMAC is *much* safer than simply prepending a
key to construct a MAC with a cryptographic hash. --Perry]
The advantage is that you don't need to store any data in order to
claim authorship later on. The disadvantage: in order to be sacure,
the pass phrase has to be quite long, therefore it will be difficult
to remember.
(Please Cc: me on reply, I don't think I'm subscribed to any of the
mailing lists involved.)
--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
