[Dirvish] hashing backups, timestamping contents

Dave Howorth dhoworth at mrc-lmb.cam.ac.uk
Wed Nov 9 10:05:18 UTC 2011

Eric Searcy wrote:
> May want to check out publictimestamp.org, which has some of the
> timestamping APIs in place and has similar establishing-prior-art goals.

Thanks for the name. I'd never heard about the project. Since the site
itself isn't exactly wide-eyed-newbie friendly, here's a link to a site
that hopefully has more explanation:


Cheers, Dave

> On 11/8/11 7:32 AM, Keith Lofstrom wrote:
>> 18 years ago, Stuart Haber filed U.S. patents for a scheme to
>> timestamp digital documents for legal proof and other purposes.  
>> The document is hashed, the cryptographic hash is sent to his
>> company (surety.com).   A file of those hashes is itself hashed,
>> with the resulting hash printed as an advertisement in a dated
>> newspaper of record such as the New York Times or the Asahi Shimbun .   
>> Dr. Haber's first U.S. patents will expire near the end of 2012.
>> Rsync hashes the files that dirvish backs up, though not with
>> cryptographic strength.  However, it may be practical to 
>> cryptographically hash a subset of the files rsync backs up 
>> daily (using the rsync log files to sense changes), and save
>> those hashes in another file (again daily), hash that file,
>> then send those hashes to volunteer hash storage servers at
>> other sites.  Those servers could hash their daily collections
>> and forward them to each other, eventually creating literally
>> "global" hashes which could be published daily in newspapers
>> of record around the world.
>> Why do this?  Sadly, some of the open source code we develop
>> (or the public domain inventions I disclose) is stolen and
>> patented by trolls.  Proving a public disclosure as prior art
>> (to invalidate the patent) can be difficult.  If we put our
>> inventions and code and ideas on the web, that can be a
>> public disclosure, but it is not legally timestamped with
>> proven provenance so it can be used in court.  Perhaps,
>> with this process, it will be easier to prove the priority
>> of our public disclosures and help fight these patents.
>> Dirvish is a good platform to add this feature to.  More
>> likely, the dirvish process can call another program using
>> the post-process directive.  That additional program does
>> the cryptographic hash and sends it to other sites.  This
>> can be done on the backup machine after backups are complete. 
>> Perhaps our community could begin the development of a program
>> for this, and deploy it after Surety's first patents expire.
>> Keith
> _______________________________________________
> Dirvish mailing list
> Dirvish at dirvish.org
> http://www.dirvish.org/mailman/listinfo/dirvish

More information about the Dirvish mailing list