Can scientists correctly predict the outcome of the 2008 US presidential elections? That is the big question of the new Nostradamus website, launched on November 30, 2007 by researchers Marc Stevens (CWI, Amsterdam), Arjen Lenstra (EPFL, Lausanne), and Benne de Weger (Technical University Eindhoven). To avoid influencing the public debate on the elections, the researchers will keep their prediction secret in a pdf file until the day after the elections. Until that time, they only reveal the MD5 hash value of this file.
Such a hash value or 'checksum' can be compared to a digital fingerprint or signature of a document. Many people use the MD5 hash to check if downloaded software is exactly the same as the original. "But MD5 is not safe anymore," Benne de Weger says. "In 2004, it was already proven that two equal hash values could be constructed for files that differed 128 bytes in a row." But by now, the three researchers can even construct equal hash values for files that are different in an unlimited amount of bytes - in less than two days! "We did this with a PlayStation 3 because of its computing power," Marc Stevens explains. "Using a normal PC, it would take about 30 times longer."
At the end, constructing equal hash values turns out to be the secret behind the new Nostradamus website. "Actually, we made 12 different predictions with the same hash values," Marc Stevens smiles. "After the elections we can pick the right one. Although this is a kind of a trick, we have a serious message: People really should change their hash procedures from MD5 to safer techniques, like SHA2!"
More information can be found on PNA5's website or the Nostradamus website
