hashes in p2p, was Re: switching from SHA-1 to Tiger ?

Travis H. solinym at gmail.com
Tue Jul 11 21:13:45 EDT 2006


On 7/11/06, Zooko O'Whielacronx <zooko at zooko.com> wrote:
> I hope that the hash function designers will be aware that hash
> functions are being used in more and more contexts outside of the
> traditional digital signatures and MACs.  These new contexts include
> filesystems like ZFS [3], decentralized revision control systems like
> Monotone [4], git [5], mercurial [6] and bazaar-ng [7], and peer-to-peer
> file-sharing systems such as Direct Connect, Gnutella, and Bitzi [6].

MD4/5 are commonly used as a unique fixed-size identifier of an
arbitrarily-chosen* length of data in p2p file systems, and we are all
aware of the collision attacks.  They bring up some interesting points
to consider:

1) What semantics can one induce by using a collision attack, given
the existing protocols/clients?  There are some rumors the MPAA or
RIAA is using protocol-level attacks to "poison" p2p networks like
bittorrent and KaZaa.  Can cryptanalysis results be playing a part?

2) How do we refactor these widely deployed systems with a new,
stronger hash function?

3) Are the requirements of this hash different than for cryptographic
uses?  For example, I can imagine an argument being made that finding
one preimage is not a problem with such hashes, since the purpose of
the hashes is to use them as a reference to the preimage, which you
may simply download.  On the other hand, you don't want people to be
able to find a second preimage.

[*] In this sense there may be two kinds of arbitrary, (a) fixed by
the protocol, and (b) unspecified by the protocol.

Similar questions may be asked about e.g. operating systems which use
hashes to indicate what binaries are allowed to be executed (I have
seen a patch somewhere which does this for NetBSD).
-- 
Resolve is what distinguishes a person who has failed from a failure.
Unix "guru" for sale or rent - http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
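
The distinction drawn in point 3 of the message above can be shown in code. This is an added example, not part of the original post or of any client it mentions: the function names are hypothetical, and a SHA-256 identifier truncated to 16 bits is an assumption that stands in for a hash with weak second-preimage resistance.

```python
import hashlib
from itertools import count

def content_id(data: bytes, bits: int = 256) -> str:
    """Content identifier: SHA-256 of the data, keeping only the first `bits` bits.
    Truncation is a demo device that stands in for a hash with weak
    second-preimage resistance."""
    if bits % 8 or not 8 <= bits <= 256:
        raise ValueError("bits must be a multiple of 8 between 8 and 256")
    return hashlib.sha256(data).digest()[: bits // 8].hex()

def fetch_verified(wanted_id: str, offers, bits: int = 256):
    """Client side: accept the first blob offered by any peer whose
    identifier matches the one requested; return None if none matches."""
    for blob in offers:
        if content_id(blob, bits) == wanted_id:
            return blob
    return None

def find_second_preimage(original: bytes, bits: int):
    """Exhaustive search for different data with the same identifier.
    Expected cost is about 2**bits hash calls, so it is only feasible here
    because the demo identifier is tiny."""
    target = content_id(original, bits)
    for tries in count(1):
        candidate = b"substitute-%d" % tries
        if candidate != original and content_id(candidate, bits) == target:
            return candidate, tries

if __name__ == "__main__":
    original = b"constructed sample file contents"  # constructed input
    # Whoever holds the file already has a preimage of the published
    # identifier, so preimage resistance protects nothing in this setting.
    weak_id = content_id(original, 16)
    full_id = content_id(original)
    substitute, tries = find_second_preimage(original, 16)
    print(f"16-bit id {weak_id}: substitute found after {tries} tries")
    # A peer that answers first with the substitute passes the weak check ...
    print(fetch_verified(weak_id, [substitute, original], 16) == substitute)
    # ... but not the full-length one, which falls through to the real data.
    print(fetch_verified(full_id, [substitute, original]) == original)
```

The client's check is identical in both cases; what changes is how much work it costs to produce different data that passes it.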


