[Cryptography] Three kinds of hash: Two are still under ITAR.

Ray Dillinger bear at sonic.net
Tue Sep 3 15:29:38 EDT 2013

On 09/03/2013 09:54 AM, radix42 at gmail.com wrote:
> --Alexander Kilmov wrote:
>> --David Mercer wrote:
>>> 2) Is anyone aware of ITAR changes for SHA hashes in recent years
>>> that require more than the requisite notification email to NSA for
>>> download URL and authorship information? Figuring this one out last
>>> time around took looootttttttssssss of reading.
>> I used to believe that hashing (unlike encryption) was not considered
>> arms.

If I recall the most recent revision, the above requirement is true
for keyed hashes (whether they are "signatures" with public-key crypto
or "secret hashes" with private-key crypto) but not for "fingerprint"
or unkeyed hashes like FIPS or SHA-XXX.

The distinction among the three types:

"Signature" hashes:  Alice produces a "signature" hash using her
private key.  Because her public key is common knowledge, everybody
can tell that Alice (or at least someone with her private key)
really did sign it.

"Secret" hashes:  MIB or some similar group share knowledge of a
secret key.  A, a member of the group, produces a secret hash
using that key, and when they check, every member from Bea to Zed
knows that some member of the organization (or at least
someone who has the secret key) did sign it. But even if the
message and hash are public or in an insecure channel like email,
nobody who doesn't have the key can prove a thing about the
signer. Or at least, not from the signature itself.  Server logs
and "security" video surveillance of public terminals etc., are
an entirely different thing. A would be worried about those
if she had an official "identity" for someone to find.

"Fingerprint" hashes:  Anybody can apply a fingerprint hash to
something, and it proves nothing about who signed it because
the hash is completely public knowledge and has no particular
key. Anyone who applies a fingerprint hash to something will get
exactly the same hash code for the same thing. The point of a
fingerprint hash is that it is a fixed-length probably-unique
identifier that can be checked in constant time.  If the
fingerprints of two documents are not equal, the documents are
guaranteed to be dissimilar.  If the documents are dissimilar,
the signatures are *almost* guaranteed to be dissimilar.  This
is very useful for looking up documents in a hash table or
tree, for example, using the fingerprint hash as a key.
Usually when cryptographers use the word "hash" they are
talking about a fingerprint hash.
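
The three kinds of hash described in the message above, as an added example that is not part of the original post: SHA-256 stands in for the fingerprint hash, HMAC-SHA256 for the secret hash, and a Lamport one-time signature (chosen so that only the Python standard library is needed) for the signature hash. The function names and the sample message are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

def fingerprint(msg: bytes) -> bytes:
    # Unkeyed hash: no key, so anyone computes the same value for the same input.
    return hashlib.sha256(msg).digest()

def secret_hash(key: bytes, msg: bytes) -> bytes:
    # Keyed hash (HMAC-SHA256): making or checking it requires the shared key.
    return hmac.new(key, msg, hashlib.sha256).digest()

def check_secret_hash(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(secret_hash(key, msg), tag)

def _bits(msg: bytes) -> list:
    # The 256 bits of the message fingerprint select which secrets get revealed.
    d = fingerprint(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sig_keygen():
    # Lamport one-time key pair: private = 256 pairs of random secrets,
    # public = the hashes of those secrets. Sign only ONE message per key pair.
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(fingerprint(a), fingerprint(b)) for a, b in priv]
    return priv, pub

def sign(priv, msg: bytes) -> list:
    return [priv[i][b] for i, b in enumerate(_bits(msg))]

def verify(pub, msg: bytes, sig: list) -> bool:
    # Needs only the public key, so anyone can check who signed.
    return len(sig) == 256 and all(
        fingerprint(sig[i]) == pub[i][b] for i, b in enumerate(_bits(msg)))

def demo() -> dict:
    msg = b"constructed sample message"      # constructed input
    group_key = secrets.token_bytes(32)      # shared by every group member
    tag = secret_hash(group_key, msg)
    priv, pub = sig_keygen()                 # Alice's key pair
    sig = sign(priv, msg)
    return {
        "fingerprint_is_reproducible": fingerprint(msg) == hashlib.sha256(msg).digest(),
        "member_verifies_tag": check_secret_hash(group_key, msg, tag),
        "outsider_cannot_verify": not check_secret_hash(secrets.token_bytes(32), msg, tag),
        "tag_does_not_name_member": tag == secret_hash(group_key, msg),
        "anyone_verifies_signature": verify(pub, msg, sig),
        "altered_message_rejected": not verify(pub, msg + b"!", sig),
    }
```

Calling `demo()` returns a dictionary in which every check is true; the fourth entry shows that any key holder produces the identical tag, so the tag alone cannot single out one member.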

