digsig - when a MAC or MD is good enough?

Ian Grigg iang at systemics.com
Sat Jan 3 13:01:58 EST 2004

John Gilmore wrote:
> > Sarbanes-Oxley Act in the US.  Section 1102 of that act:
> >     Whoever corruptly--
> >        "(1) alters, destroys, mutilates, or conceals a
> >        record, document, or other object, or attempts to
> >        do so, with the intent to impair the object's
> >        integrity or availability for use in an official
> >        proceeding; ...
> >     shall be fined under this title or imprisoned not
> >     more than 20 years, or both.".
> The flaw in this ointment is the "intent" requirement.  Corporate
> lawyers regularly advise their client companies to shred all
> non-essential records older than, e.g. two years.  The big reason to
> do so is to impair their availability in case of future litigation.
> But if that intent becomes illegal, then the advice will be to shred
> them "to reduce clutter" or "to save storage space".

Battles like that will go on, although you raise an
interesting point - most docs have legal shelf life

The main observation here is that signatures, once
made, in whatever form, have a power well beyond the
bits that they consume or the paper they cover. This
law and others like it add more power, which in some
imprecise sense stacks up against the MD's recalculability.

Where it becomes interesting is if two parties in a
dispute both retain records.  If this is the case,
then it reduces the chance that someone might fiddle
with them or destroy them, as the other party has the

I suspect this makes more sense within corporates, or
for b2b scenarios.  For retail and other areas, there
are more complications.

> > Can we surmise that a digital record with an MD attached and
> > logged would fall within "object" ?
> What's the point of keeping a message digest of a logged item?  If the
> log can be altered, then the message digest can be altered to match.
> (Imagine a sendmail log file, where each line is the same as now, but
> ends with the MD of the line in some gibberish characters...)

The message digest and the record so digested can
travel different paths.  The MDs can be logged, and
the messages can be lost or disposed of.  Or some
such.  As long as the message digests are no longer
in control of a single party, they may be sufficient,
given the weight of the above, to strongly limit any
temptation to recording.

When it comes to auditing or validating of of any
records, searching on message digests is very easy.
If the message digest is with the record it covers,
it is a simple matter to quickly grep through mountains
of logs to find the entries.  It allows a positive
comparison to be done very quickly, which means those
that fail are the ones to pay attention to.

Another technique is to include a cookie in each
record which relates to the state of the log, being
a chained message digest.  If any attempt is made to
adjust a record, it throws out the following cookies.
Still, this is getting us further and further from
the original question - under what grounds could
an MD be considered a sufficient signature for
accuracy purposes?


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list