[Cryptography] Three kinds of hash: Two are still under ITAR.

radix42 at gmail.com radix42 at gmail.com
Tue Sep 3 16:00:20 EDT 2013

Pardon the top-post, I'm on a retarded mobile client at the moment...

I wish the following were true. However a current nsa.gov url with a recent timestamp explicitly lists FIPS 180-4 hashes (SHA-n) as covered by the notification requirement.

I phrased my initial query to the list explicitly in the form of "what is the FIPS 180 notification requirement", not is there one, on purpose. See the ridiculous requirements I (tangentially) cited.

All cryptography has been treated as politically sensitive by the USG, even when it no longer makes sense for a given algorithm, for decades. In the current political climate in the US, does anyone want to be a test case for admittedly outdated regulatory compliance because of unrelated personal views or actions?

I sure don't. After last nights research  session, I'm going to stick with sending in email notification for open source FIPS 180 code. This isn't the country it described in social studies and civics class anymore, at all, however once it may have lived up to that mythology. 


David Mercer

David Mercer
Portland, OR

-----Original Message-----
From: Ray Dillinger <bear at sonic.net>
Sender: cryptography-bounces+radix42=gmail.com at metzdowd.com
Date: Tue, 03 Sep 2013 12:29:38 
To: <cryptography at metzdowd.com>
Subject: [Cryptography] Three kinds of hash: Two are still under ITAR.

On 09/03/2013 09:54 AM, radix42 at gmail.com wrote:
> --Alexander Kilmov wrote:
>> --David Mercer wrote:
>>> 2) Is anyone aware of ITAR changes for SHA hashes in recent years
>>> that require more than the requisite notification email to NSA for
>>> download URL and authorship information? Figuring this one out last
>>> time around took looootttttttssssss of reading.
>> I used to believe that hashing (unlike >encryption) was not considered
>> arms.

If I recall the most recent revision, the above requirement is true
for keyed hashes whether they are "signatures" with public-key crypto
or "secret hashes" with private-key crypto) but not for "fingerprint"
or unkeyed hashes like FIPS or SHA-XXX.

The distinction among the three types:

"Signature" hashes:  Alice produces a "signature" hash using her
private key.  Because her public key is common knowledge, everybody
can tell that Alice (or at least someone with her private key)
really did sign it.

"Secret" hashes:  MIB or some similar group share knowledge of a
secret key.  A, a member of the group, produces a secret hash
using that key, and when they check, every member from Bea to Zed
knows know that some member of the organization (or at least
someone who has the secret key) did sign it. But even if the
message and hash are public or in an insecure channel like email,
nobody who doesn't have the key can prove a thing about the
signer. Or at least, not from the signature itself.  Server logs
and "security" video surveillence of public terminals etc, are
an entirely different thing. A would be worried about those
if she had an official "identity" for someone to find.

"Fingerprint" hashes:  Anybody can apply a fingerprint hash to
something, and it proves nothing about who signed it because
the hash is completely public knowledge and has no particular
key. Anyone who applies a fingerprint hash to something will get
exactly the same hash code for the same thing. The point of a
fingerprint hash is that it is a fixed-length probably-unique
identifier that can be checked in constant time.  If the
fingerprint of two documents are not equal, the documents are
guaranteed to be dissimilar.  If the documents are dissimilar,
the signatures are *almost* guaranteed to be dissimilar.  This
is very useful for looking up documents in a hash table or
tree, for example, using the fingerprint hash as a key.
Usually when cryptographers use the word "hash" they are
talking about a fingerprint hash.


The cryptography mailing list
cryptography at metzdowd.com

More information about the cryptography mailing list