On Tue, 6 Feb 2007, Shachar Shemesh wrote:

Peter wrote:
Note that I am not a security expert.
But you sure do a fine job of playing one on Linux-il, while trying to
contradict people who make a living from being security experts, such as
Aviram and myself.

You are:
a) Putting words in my mouth
b) Telling me what I pretend to be when I am not pretending anything,
   and after I said so much
b.1) Holding that against me
c) Interpreting a legit discussion about id theft paranoia and ideas as
   a 'security related thread'
d) Next, you'll accuse me of taking away your bread
e) Accusing me of 'trying to contradict' people (as in, discussing ?!)
f) You clearly are a security expert since you have managed to hide this
   fact successfully for the previous ~20 messages in this thread

All in all, it's good to be reminded from time to time where one lives. With this Internet thing the big blue room's local realities are not always obvious. Sort of like losing touch with the land of bilk and honey.

How is hash a digital signature?

A hash is a checksum that has the property of being hard to duplicate
with a different data set (as in, message).
A mostly correct explanation of what a hash is, snipped.
For a message, if a hash sum is computed and stored somewhere (perhaps
in the message itself,
...
 then the content of the message cannot be tampered with without
changing the sum.
But if the sum is part of the message, and I can tamper with the
message, the only conclusion is that I can also tamper with the sum.

In other words, if you receive a message that has a SHA-1 of it in it,
the only thing you can deduce is that whoever wrote this message (or
someone in between) knows how to apply SHA-1 to it. It does not tell you
that the person who wrote this message is the person written in the
"From:" address, which means that for all intents and purposes, the
message is not signed.

UNLESS (and you would know that if you would read what I write, I think), the signature covers 'other things' besides the message body, AS I WROTE. AND unless it is not a SHA-1 sum but one of a number of other things.

A cryptographic hash is an irreversible function that can be applied the
right way by anyone and the wrong way by no one. That's what makes it
useful. A signing algorithm (at least, a public key signing algorithm)
is a function that can be applied in one way only by someone who knows a
secret part of a key, and the other way by anyone who knows the public
part of the same key. Also, the public and private part must be tied by
a 1:1 relationship.

Assuming it is meant to be a 1:1 and not a 1:N relationship. Nitpicks:

1. There are no irreversible single-factor functions. There are functions that are difficult to reverse now but may not be tomorrow. This is already proven for MD5 and SHA-1.
2. Your definition of a public key signing algorithm is correct, but it has no application in this thread.
3. Repeated attempts to redefine the generalized term 'signature' in the context of this thread (which I sort of started) as a 'public key standard signature, which may be legally binding' are noted. They are superfluous. This thread is not, was not, and never will be about that. It was, is, and will be, about a different type of signature, which is deniable and not legally binding.

I humbly bow to the real experts,

Peter
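
The point argued in the exchange above (an unkeyed sum carried in the message can be recomputed by whoever alters the message, while a check value that depends on a secret cannot), as an added example that is not part of the original thread. HMAC-SHA256 with a shared key is an assumption chosen here to stand for a keyed check; the thread names no scheme, and the key, trailer names and messages are constructed.

```python
import hashlib
import hmac

# Constructed sample values; none of them come from the thread.
KEY = b"constructed-shared-secret"
ORIGINAL = b"From: alice@example.org\n\nPay Bob 10 shekels."
FORGED = b"From: alice@example.org\n\nPay Mallory 1000 shekels."
SUM_HDR, MAC_HDR = b"\nX-Sum: ", b"\nX-Mac: "  # hypothetical trailer names


def seal_hash(message: bytes) -> bytes:
    """Append an unkeyed SHA-1 sum; anyone can compute this."""
    return message + SUM_HDR + hashlib.sha1(message).hexdigest().encode()


def check_hash(sealed: bytes) -> bool:
    message, _, digest = sealed.rpartition(SUM_HDR)
    expected = hashlib.sha1(message).hexdigest().encode()
    return hmac.compare_digest(expected, digest)


def seal_mac(message: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag; only holders of the key can compute it."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return message + MAC_HDR + tag


def check_mac(sealed: bytes, key: bytes) -> bool:
    message, _, tag = sealed.rpartition(MAC_HDR)
    expected = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(expected, tag)


def run_demo() -> dict:
    # Someone in between rewrites the body and recomputes the sum.
    hash_forgery = seal_hash(FORGED)
    # Without the key, the altered body can only carry the old tag or a guess.
    old_tag = seal_mac(ORIGINAL, KEY).rpartition(MAC_HDR)[2]
    mac_reused = FORGED + MAC_HDR + old_tag
    mac_guessed = seal_mac(FORGED, b"not-the-key")
    return {
        "hash_accepts_forgery": check_hash(hash_forgery),
        "mac_accepts_genuine": check_mac(seal_mac(ORIGINAL, KEY), KEY),
        "mac_accepts_reused_tag": check_mac(mac_reused, KEY),
        "mac_accepts_guessed_key": check_mac(mac_guessed, KEY),
    }


if __name__ == "__main__":
    print(run_demo())
```

Because both holders of the shared key can produce the same tag, a verifier cannot prove to a third party which of them wrote the message.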
