SHA1 is generally recognized as being just fine for most business purposes, even after the Chinese attack.<p>When people talk about the security of something it's really important to understand the nature of the attack. Even if you could theoretically generate a random looking chunk of data which could return the same digest, that in itself does not make the timecert any less secure.<p>This is more an issue in traditional digital signature applications.<p>I also think I'd dispute the idea that they aren't worth much in a patent dispute. Academic Journals and Patent Applications work as a trusted third party in the same way as TimeCert does.<p>An online Lab Journal service would be an excellent idea.
Doing this for SHA1 isn't a good choice. SHA1 is already broken.<p><a href="http://www.schneier.com/blog/archives/2005/02/sha1_broken.html" rel="nofollow">http://www.schneier.com/blog/archives/2005/02/sha1_broken.ht...</a><p>Also, blog posts are not worth much in a patent dispute. Articles in academic journals and patent applications work. A rigorously kept lab journal might do as well. Hmm, perhaps an online Lab Journal service might be a good online business?