Intuitive cryptography that's also practical and secure.

Leichter, Jerry leichter_jerrold at emc.com
Tue Jan 30 16:10:47 EST 2007


| ...I agree with you about intuitive cryptography.  What you're
| complaining about is, in effect, "Why Johnny Can't Hash".  There was
| another instance of that in today's NY Times.  In one of the court
| cases stemming from the warrantless wiretapping, the Justice
| Department is, in the holy name of security, effectively filing court
| papers with itself -- it's depositing the "filings" in a secure
| facility, rather than with the court, to protect them.  I won't go
| into the legal, political, judicial, or downright bizarre aspects of
| this case (save to note that one of the plaintiff's attorneys was
| quoted as saying "Sometime during all of this, I went on Amazon and
| ordered a copy of Kafka's 'The Trial,' because I needed a refresher
| course in bizarre legal procedures."), but one point the article
| mentioned is relevant here:  how is the record preserved for a
| possible appeal?  Indeed, one of the judges involved has commented on
| that point.
| 
| ...There's an obvious cryptographic solution, of course: publish the
| hash of any such documents.  Practically speaking, it's useless.  Apart
| from having to explain hash functions to lawyers, judges, members of
| Congress, editorial page writers, bloggers, and talk show hosts,...
This is a common misconception.  The legal system does not rely on
lawyers, judges, members of Congress, and so on understanding how
technology or science works.  It doesn't rely on them coming to accept
the trustworthiness of the technology on any basis a technologist would
consider reasonable.  All it requires is that they accept the authority
of experts in the subject area, and that those experts agree "strongly
enough" that the mechanism is sound.

How many people understand DNA matching?  How much do you think *you*
understand about DNA matching?  Could you name a single reagent used in
doing a DNA match?  Could you distinguish between a good match and a bad
match?  If someone handed you one of those pictures of different bands
on an electrophoresis plate, could you tell if it was real or faked?
Does any of this influence your faith in the validity of DNA matching as
a forensic technology?

Just as DNA matching can be explained in very simple, if fundamentally
very limited terms, as something like fingerprint matching only more
sophisticated, one can easily explain hashing in pretty much the same
terms.  It would not be hard to find highly credentialed experts who
would testify as to the worth, applicability, and general acceptance by
those in the field, of the technique.  Sure, lawyers on the other side
of a case trying to gain acceptance for hashing could probably find
*someone* to cast doubt on it - but it's unlikely they would be very
good expert witnesses - and in the end that's what determines the
outcome.

| this a time you'd want to stand up before a Congressional committee and
| testify that some NSA technology, i.e., SHA-512, that NIST thinks needs
| replacing, is still strong enough to protect documents that concern
| possible NSA misconduct?  And of course, collision attacks are
| precisely the concern here.
Well, there will always be tin-hatters out there who will doubt
absolutely everything.  We rely on the police to hold on to evidence
concerning the people charged with crimes - who are sometimes corrupt
cops, politicians who control police funds, etc., etc.  There are
procedural safeguards around the chain of custody of materials.

When it comes to records of decided cases, the courts hold on to this
stuff.  Just how secure are *their* facilities?  There is rarely reason
for anyone to mount a concerted attack against them.  If you're worrying
about the NSA modifying stored evidence, what makes you think they would
have much trouble mounting a black-bag attack against some court's
storage room somewhere?

There are a number of very troubling issues about this series of cases
and the way the courts have allowed them to be handled (so far; history
shows that the courts, just like the other branches of government, are
very protective of what they perceive as their domain of responsibility,
and they tend to take back their roles).  But I'm not particularly
concerned about the NSA using some secret technique to find a second
preimage of a hash of the evidence.  Of course, the practical
difficulties of even getting to the point of being able to compute a
hash over a large collection of papers, books, various kinds of records,
and likely some other pieces of physical evidence are considerable....

							-- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
