[Cryptography] How does the size of a set of target results influence the complexity of a preimage attack?
Tom Mitchell
mitch at niftyegg.com
Tue Oct 20 03:36:37 EDT 2015
On Sat, Oct 17, 2015 at 10:36 AM, Zooko Wilcox-OHearn <
zooko at leastauthority.com> wrote:
> I don't believe that forensics is really safe with
> collision-vulnerable but pre-image-resistant hash functions.
>
> What if a bad actor generates a malicious or illegal file with the
> same MD5sum as an innocuous file and then submits the innocuous one to
> the forensics databases? How do we know that isn't already happening?
>
One important topic is understanding what constitutes an interesting match.
I suspect that the mentioned goals do not involve a single image but
involve significant trafficking or consumption of the illegal content. A
single hit or
discovered file is just too darn easy to be a false signal. Any web site
could have a
single pixel image that is not one pixel trouble and soil a computers hard
drive.
An illegal copy of Windows or Word is not one file but a set of files.
An illegal copy of one DVD or one music file is not interesting when
the multiplier of thousands is.
Child pornography raises hackles quickly still the interesting legal issues
involve
trafficking and many many files, not the handful of images in grandmas
iPhone.
This simplifies the problem because it is darn hard to generate a hundred
different files (a set) that have a hash collision with a hundred other
files.
There may be issues of extrodinary security where one file or data record
is used to
discover a trespass or leak. In such cases multiple hash functions,
sums, bit counts
in whole or part can reinforce any specific hash function. An inexpensive
computation
would discard most and the false positives can be dismissed with additional
expensive methods.
Summary:
A collection of hits is less likely than just one.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151020/60f118b0/attachment.html>
More information about the cryptography
mailing list