[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: computer-go: Authenticating the identity of a remote go-playi ng computer program
Hi Scott,
Your analysis is absolutely correct (especially about the
difficulty of spoofing the signature.) I misunderstood the
original message.
Thanks,
Dave
--- sdossey@xxxxxxxxxxxxxxxxx wrote:
> David Stafford wrote:
>
> >I'm afraid I'm stepping into something I'll regret but I don't
> >want to let this one pass:
>
> Your knowledge of information theory is commendable. I can't
> tell you how
> many cranks there are out there who think they've developed a
> compression
> algorithm that compresses no matter what the input data is.
> That being
> said, you are stepping into something you perhaps haven't fully
> thought
> through.
>
> >Any signature of N bits can only represent, uniquely, a
> message
> >of N bits. For each additional bit added to the message the
> >signature will represent two more possible messages. For
> >example, a 32-bit signature would match a random message with
> a
> >probability of one in 4 billion. Longer signatures result in
> >smaller probability of a mismatch. The 128-bit MD5 signature
> >will match one in 2^128 messages. That is a very low
> >probability, for sure, but it doesn't uniquely represent one
> and
> >only one message.
>
> The rub is in that low probability.
>
> David, I am not a cryptographer, but I am probably more of an
> expert on both
> compression and cryptography than anybody on this list. Its my
> job to work
> with both. See http://www.hifn.com. While everything you say
> about the
> counting argument is true, you underestimate its applicability
> to the
> cryptographically HARD process of coming up with an identical
> MD5 digital
> signature for two files.
>
> First of all, I am using the phrase "MD5 digital signature",
> because the
> word "checksum" isn't quite applicable to MD5, even though it
> is in common
> parlance. MD5 is what cryptographers call a one way hash, not
> a checksum.
>
> The result of all bits in the hash result is dependent on every
> bit of the
> input data in such a way that it is almost impossible to
> "engineer" input
> data to have the same digital signature as another set of input
> data.
>
> Yes, an MD5 digital signature is of limited size length, so by
> the counting
> argument, there are other inputs that will generate the same
> MD5 digital
> signature.
>
> However, finding one/spoofing one is next to impossible. An
> MD5 digital
> signature is 16 bytes long. That is, 128 bits. Most people
> have no concept
> of how big a number 2^128 is. Let's assume that you took a
> brute force
> approach to finding inout data that matches a given digital
> signature by
> generating random data, MD5 hashing it, and repeating till you
> found a
> match. If you could do this operation 1 billion times times
> per second on
> any given computer, and you used 1 billion computers on each of
> 1 billion
> planets, it'd take on average ~5000 years to find input data
> with the same
> digital signature purely using a brute force approach.
>
> This is true, even given the fact that there are approximately
> 2^128
> possible 32 byte blocks (on average) that match any given MD5
> signature.
> The counting argument proves that lots of possible blocks
> exist, however,
> finding even one of those 2^128 32 byte blocks in the much
> larger 2^256
> possibility space of a 32 byte block is computationally
> infeasible.
>
> Using MD5 signatures to uniquely identify and fingerprint
> programs is
> perfectly normal and acceptable cryptographic practice, and if
> there is
> indeed some computationally feasible way to create two
> different programs
> that have the same MD5 signature, almost all modern day
> crypto-systems would
> be broken.
>
> -Scott Dossey
> sdossey@xxxxxxxxxxxxxxxxx
>
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/