On Tue, Feb 04, 2014 at 04:17:47PM +0100, Natanael wrote:
> Because it's trivial to create collisions! You can choose exactly what
> output you want. That's why XOR is a very bad digest scheme.

You're close, but not quite.

So, imagine you have a merkle tree, and you're trying to timestamp some
data at the bottom of the tree. Now you can successfully timestamp the
top digest in the Bitcoin blockchain right, and be sure that digest
existed before some time. But what about the digests at the bottom of
the tree? What can an attacker do exactly to make a fake timestamp if
the tree is using XOR rather than a proper hash function?

-- 
'peter'[:-1]@petertodd.org
000000000000000075829f6169c79d7d5aaa20bfa8da6e9edb2393c4f8662ba0