Intuitive cryptography that's also practical and secure.

Steven M. Bellovin smb at cs.columbia.edu
Fri Jan 26 19:29:28 EST 2007


Good work.  In fact, I knew days ago that you would post this...

I agree with you about intuitive cryptography.  What you're complaining
about is, in effect, "Why Johnny Can't Hash".  There was another
instance of that in today's NY Times.  In one of the court cases
stemming from the warrantless wiretapping, the Justice Department is,
in the holy name of security, effectively filing court papers with
itself -- it's depositing the "filings" in a secure facility, rather
than with the court, to protect them.  I won't go into the legal,
political, judicial, or downright bizarre aspects of this case (save to
note that one of the plaintiff's attorneys was quoted as saying
"Sometime during all of this, I went on Amazon and ordered a copy of
Kafka’s “The Trial,” because I needed a refresher course in bizarre
legal procedures."), but one point the article mentioned is
relevant here:  how is the record preserved for a possible
appeal?  Indeed, one of the judges involved has commented on that
point.

There's an obvious cryptographic solution, of course: publish the
hash of any such documents.  Practically speaking, it's useless.  Apart
from having to explain hash functions to lawyers, judges, members of
Congress, editorial page writers, bloggers, and talk show hosts, is
this a time you'd want to stand up before a Congressional committee and
testify that some NSA technology, i.e., SHA-512, that NIST thinks needs
replacing, is still strong enough to protect documents that concern
possible NSA misconduct?  And of course, collision attacks are
precisely the concern here.

---------------------------------------------------------------------
The Cryptography Mailing List