[cap-talk] use of hashcodes?

Kenton Varda kenton at google.com
Fri Feb 19 19:03:47 PST 2010


This reminds me of a great quote which I'm guessing has been through this
list before:

“Using encryption on the Internet is the equivalent of arranging an armored
car to deliver credit card information from someone living in a cardboard
box to someone living on a park bench.”
– Gene Spafford Ph.D.
Professor of Computer Sciences, Purdue University

On Fri, Feb 19, 2010 at 6:49 PM, David Wagner <daw at cs.berkeley.edu> wrote:

> Raoul Duke  wrote:
> >On Fri, Feb 19, 2010 at 12:19 PM, Tyler Close <tyler.close at gmail.com>
> wrote:
> >> The ETag values in Waterken are a SHA-256 HMAC of all state and code
> >> used during a query. You'd have a pretty good paper if you could
> >> generate a collision.
> >
> >just because something is a low probability...
>
> As others have said, it's not really a matter of probability [1].
>
> But let's put some perspective on it.  What are the chances that the
> SHA-256 hash is the weakest link in the security of Waterken?  I would
> say, that's exceedingly unlikely.  To turn it around, if SHA-256 is the
> weakest link, Tyler has done an absolutely brilliant job of software
> engineering.
>
> Our ability to build secure cryptographic algorithms vastly exceeds
> our ability to build secure software -- by an enormous margin.  If you
> want to think about the risks to Waterken, the risk that someone finds
> a practical collision attack on SHA-256 is pretty far down the list;
> there are many other risks that have a much higher probability, and
> which therefore should receive much more of your attention.
>
> In my opinion, this aspect of Waterken's design is well grounded in
> cryptographic principles and a solid, robust, well-thought-out design.
> Given our current understanding of cryptography, the kind of attacks
> you mentioned just aren't worth worrying about.
>
> [1] If you generate values randomly to see if any of them just happen
> to collide, well, yeah, then it's a probability question: we know
> how to calculate the probability that you find a collision that way.
> (That probability is demonstrably minuscule.)  But that's not really
> the relevant question.  The relevant question is whether there is a
> more clever algorithm that lets you find collisions intelligently.
> That is strongly believed to be infeasible, but of course we have no
> proof, and it's always possible our beliefs are wrong, and I wouldn't
> know how to assign a probability to that possibility.
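
Added example (not part of the original message and not Waterken code): footnote [1] of the quoted reply says the chance of hitting a collision by blind search is calculable. The sketch below computes that birthday estimate for a full 256-bit tag and, for contrast, runs the same blind search against a tag truncated to 16 bits. The key, the message format and the function names are constructed for illustration, and the estimate assumes HMAC-SHA256 output behaves like uniformly random bits.

```python
import hashlib
import hmac
import math

KEY = b"constructed-demo-key"  # constructed sample key, not from Waterken


def tag(message: bytes, bits: int = 256) -> int:
    """HMAC-SHA256 of message, truncated to its top `bits` bits."""
    digest = hmac.new(KEY, message, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def blind_collision_probability(n: int, bits: int) -> float:
    """Birthday approximation: chance that n random tags contain a collision."""
    pairs = n * (n - 1) // 2
    # expm1 keeps precision when the exponent is far below float epsilon
    return -math.expm1(-pairs / 2**bits)


def first_collision(bits: int):
    """Blind search: tag counter messages until two of them share a tag."""
    seen = {}
    for i in range(2**bits + 1):  # pigeonhole guarantees a hit by this point
        msg = b"state-%d" % i     # constructed stand-in for "state and code"
        t = tag(msg, bits)
        if t in seen:
            return seen[t], msg, i + 1
        seen[t] = msg
    raise AssertionError("unreachable")


if __name__ == "__main__":
    a, b, tried = first_collision(16)
    print(f"16-bit tag: {a!r} and {b!r} collide after {tried} messages")
    for n in (2**32, 2**64, 2**96):
        p = blind_collision_probability(n, 256)
        print(f"256-bit tag, {n:.1e} messages: p = {p:.3e}")
```

The 16-bit search succeeds within a few hundred messages, while the full-width figures stay negligible even for 2**96 messages; neither result says anything about the footnote's other question, whether a cleverer algorithm exists.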