[cap-talk] use of hashcodes?
kenton at google.com
Fri Feb 19 19:03:47 PST 2010
This reminds me of a great quote which I'm guessing has been through this
“Using encryption on the Internet is the equivalent of arranging an armored
car to deliver credit card information from someone living in a cardboard
box to someone living on a park bench.”
– Gene Spafford Ph.D.
Professor of Computer Sciences, Purdue University
On Fri, Feb 19, 2010 at 6:49 PM, David Wagner <daw at cs.berkeley.edu> wrote:
> Raoul Duke wrote:
> >On Fri, Feb 19, 2010 at 12:19 PM, Tyler Close <tyler.close at gmail.com>
> >> The ETag values in Waterken are a SHA-256 HMAC of all state and code
> >> used during a query. You'd have a pretty good paper if you could
> >> generate a collision.
> >just because something is a low probability...
> As others have said, it's not really a matter of probability .
> But let's put some perspective on it. What are the chances that the
> SHA-256 hash is the weakest link in the security of Waterken? I would
> say, that's exceedingly unlikely. To turn it around, if SHA-256 is the
> weakest link, Tyler has done an absolutely brilliant job of software
> Our ability to build secure cryptographic algorithms vastly exceeds
> our ability to build secure software -- by an enormous margin. If you
> want to think about the risks to Waterken, the risk that someone finds
> a practical collision attack on SHA-256 is pretty far down the list;
> there are many other risks that have a much higher probability, and
> which therefore should receive much more of your attention.
> In my opinion, this aspect of Waterken's design is well grounded in
> cryptographic principles and a solid, robust, well-thought-out design.
> Given our current understanding of cryptography, the kind of attacks
> you mentioned just aren't worth worrying about.
>  If you generate values randomly to see if any of them just happen
> to collide, well, yeah, then it's a probability question: we know
> how to calculate the probability that you find a collision that way.
> (That probability is demonstrably miniscule.) But that's not really
> the relevant question. The relevant question is whether there is a
> more clever algorithm that lets you find collisions intelligently.
> That is strongly believed to be infeasible, but of course we have no
> proof, and it's always possible our beliefs are wrong, and I wouldn't
> know how to assign a probability to that possibility possibility.
> cap-talk mailing list
> cap-talk at mail.eros-os.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cap-talk