Problem with faked-system-time option

Robert J. Hansen rjh at
Thu Jun 16 03:20:07 CEST 2011

On 6/15/11 8:53 PM, Jerome Baum wrote:
> I can hash a document M before D and later prove in court that the
> document existed before D.
> Proof:
> Publish C(M) in N(D)

Your claim would be submitted to a jury for consideration, as it's a
question of fact and not law.  The jury would look at your claim of
mathematical strength, be confused, and proceed to move on to something
else.  Nothing in law is proven until a jury has declared it to be so...
and pretty much everyone in a courtroom hates math.

You can attempt to prove your timestamp is correct: but ultimately,
that's *not within your control*.  It's entirely within the jury's
purview, and if the jury says "we don't buy this," then you haven't
proven a thing.

"Proof," in a mathematical sense, is irrelevant in a courtroom.  Proof
is whatever you can sneak past the judge that will make the jury buy
your claim -- nothing more.  You don't get to declare what proofs are
valid or invalid: only the jury does, and the jury doesn't care what you

Consider this: MD5 is still the standard hash algorithm used in digital
forensics.  Makes all of us have the flaming heebie-jeebies, of course:
it's crazy to use MD5 to authenticate digital data, given the collision
attacks against it.

But for the courts... what the courts think of as "proof" is not what we
think of as "proof."  We think MD5's weakness has been proven: but so
far, juries are still regularly accepting MD5 as a cryptographically
secure hash algorithm, which means that in the eyes of the court *it is*.

More information about the Gnupg-users mailing list