[cap-talk] use of hashcodes?
David Wagner
daw at cs.berkeley.edu
Fri Feb 19 18:49:55 PST 2010
Raoul Duke wrote:
>On Fri, Feb 19, 2010 at 12:19 PM, Tyler Close <tyler.close at gmail.com> wrote:
>> The ETag values in Waterken are a SHA-256 HMAC of all state and code
>> used during a query. You'd have a pretty good paper if you could
>> generate a collision.
>
>just because something is a low probability...

As others have said, it's not really a matter of probability [1].

But let's put some perspective on it. What are the chances that the
SHA-256 hash is the weakest link in the security of Waterken? I would
say, that's exceedingly unlikely. To turn it around, if SHA-256 is the
weakest link, Tyler has done an absolutely brilliant job of software
engineering.

Our ability to build secure cryptographic algorithms vastly exceeds
our ability to build secure software -- by an enormous margin. If you
want to think about the risks to Waterken, the risk that someone finds
a practical collision attack on SHA-256 is pretty far down the list;
there are many other risks that have a much higher probability, and
which therefore should receive much more of your attention.

In my opinion, this aspect of Waterken's design is well grounded in
cryptographic principles and a solid, robust, well-thought-out design.
Given our current understanding of cryptography, the kind of attacks
you mentioned just aren't worth worrying about.

[1] If you generate values randomly to see if any of them just happen
to collide, well, yeah, then it's a probability question: we know
how to calculate the probability that you find a collision that way.
(That probability is demonstrably minuscule.) But that's not really
the relevant question. The relevant question is whether there is a
more clever algorithm that lets you find collisions intelligently.
That is strongly believed to be infeasible, but of course we have no
proof, and it's always possible our beliefs are wrong, and I wouldn't
know how to assign a probability to that possibility.
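
Added example, not part of the original message and not Waterken's code: the random-search experiment from footnote [1], run on HMAC-SHA-256 tags truncated to 16 bits so that a repeat actually shows up, next to the birthday estimate for full 256-bit tags. The key, the `state-N` inputs and the truncation are constructed for illustration.

```python
import hashlib
import hmac
import math

KEY = b"constructed-demo-key"  # constructed sample key, not a Waterken value


def tag(message: bytes, bits: int = 256) -> int:
    """HMAC-SHA-256 of message, keeping only the top `bits` bits."""
    digest = hmac.new(KEY, message, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def collision_probability(n: int, bits: int) -> float:
    """Birthday estimate: chance that n uniformly random tags contain a repeat."""
    pairs = n * (n - 1) // 2
    # expm1 keeps precision when the result is far below float epsilon.
    return -math.expm1(-(pairs / 2**bits))


def first_random_collision(bits: int):
    """Tag constructed inputs one by one until two share a truncated tag."""
    seen = {}
    n = 0
    while True:
        msg = b"state-%d" % n
        t = tag(msg, bits)
        if t in seen:
            return seen[t], msg, n + 1
        seen[t] = msg
        n += 1


if __name__ == "__main__":
    a, b, tried = first_random_collision(16)
    estimate = math.sqrt(math.pi / 2 * 2**16)
    print(f"16-bit tags: {a!r} and {b!r} collide after {tried} values "
          f"(birthday estimate ~{estimate:.0f})")
    for n in (10**9, 10**18, 2**128):
        p = collision_probability(n, 256)
        print(f"256-bit tags, {n:.3e} values: p = {p:.3e}")
```

At 16 bits a repeat appears after a few hundred values; at 256 bits the same estimate stays negligible until the number of values approaches 2^128.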