ChristianKl comments on A pair of free information security tools I wrote - LessWrong

17 Post author: Nanashi 11 April 2015 11:03PM


Comment author: Nanashi 13 April 2015 06:33:39PM * 4 points

A signed PGP message has three parts and thus only three places where additional information could be hidden:

1. The header
2. The message itself
3. The signature

The header is standardized. Any changes to the header itself (especially something as blatant as inserting a private key) would be enormously obvious, and would most likely result in a message that would fail to verify due to formatting issues.

The message itself can be verified by the author of the message. If anything shows up in this field that does not exactly match up with what he or she wrote, it will also be extremely obvious.

The signature itself, firstly, must be reproduced with 100% accuracy in order for the message to verify successfully. Any after-the-fact changes to either the message or the signature will result in a message that does not verify successfully. (This is, of course, the entire purpose of a digital signature.) Furthermore, the signature is generated algorithmically and cannot be manipulated by user input. The only way to change the signature would be to change the message prior to signing. However, as indicated above, this would be extremely obvious to the author.
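Added example (not part of the original comment or of the tools discussed in the post): a structural check of the three parts listed in the comment above, following the cleartext signature framing of RFC 4880. It checks framing only and does no cryptographic verification; the function name `split_clearsigned` and the sample message are constructed for illustration.

```python
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
# Armor header keys defined in RFC 4880 section 6.2.
ARMOR_KEYS = {"Version", "Comment", "MessageID", "Hash", "Charset"}
B64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$|^=[A-Za-z0-9+/]{4}$")
# Constructed sample; the base64 is a placeholder, not a real signature.
SAMPLE = (BEGIN_MSG + "\nHash: SHA256\n\nhello\n- -- dashed\n" + BEGIN_SIG +
          "\n\nQUJDREVGR0g=\n=AbCd\n" + END_SIG + "\n")

def split_clearsigned(text):
    """Return (header, message, signature_lines, findings) for a clearsigned message."""
    lines = text.splitlines()
    if not lines or lines[0] != BEGIN_MSG:
        raise ValueError("does not start with the signed-message header")
    # list.index raises ValueError if the framing lines are missing.
    blank = lines.index("", 1)
    sig_start = lines.index(BEGIN_SIG, blank)
    sig_end = lines.index(END_SIG, sig_start)
    findings = []
    # Part 1: only "Hash:" armor headers are allowed here (RFC 4880 section 7).
    header = lines[1:blank]
    for h in header:
        if not re.fullmatch(r"Hash: [A-Za-z0-9,\- ]+", h):
            findings.append(f"non-standard header line: {h!r}")
    # Part 2: the signed text; lines starting with '-' must be dash-escaped.
    message = []
    for m in lines[blank + 1:sig_start]:
        if m.startswith("- "):
            m = m[2:]
        elif m.startswith("-"):
            findings.append(f"unescaped dash line in message: {m!r}")
        message.append(m)
    # Part 3: optional armor headers, a blank line, then base64 and a CRC line.
    sig = lines[sig_start + 1:sig_end]
    split = sig.index("") if "" in sig else -1
    for h in sig[:max(split, 0)]:
        key = h.split(": ", 1)[0]
        if ": " not in h or key not in ARMOR_KEYS:
            findings.append(f"unknown armor header: {h!r}")
    body = sig[split + 1:]
    for b in body:
        if not B64_LINE.match(b):
            findings.append(f"non-base64 line in signature: {b!r}")
    if any(t.strip() for t in lines[sig_end + 1:]):
        findings.append("trailing data after the signature block")
    return header, "\n".join(message), body, findings
```

An empty `findings` list means only that the framing is standard; whether the signature matches the message still has to be checked with an OpenPGP implementation.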

Comment author: ChristianKl 13 April 2015 06:55:28PM * -2 points

> Furthermore, the signature is generated algorithmically and cannot be manipulated by user input.

"Algorithmically" doesn't mean that there is exactly one way to create a valid signature. Hash functions quite often have collisions.

Comment author: Nanashi 13 April 2015 08:08:53PM * 6 points

I'm downvoting this comment because it's misleading.

First of all, no one has ever found an SHA-2 hash collision yet. Second of all, the chances of two SHA-2 hashes colliding are about 1 in 1 quattuorvigintillion. It's so big I had to look up what the number name was. It's 1 with 77 zeroes after it. We're talking universe-goes-into-heat-death-before-it-happens type odds. Only under the most absurd definition of "quite often" could anyone ever reasonably claim that a cryptographic hash function like SHA-2 "quite often" has collisions.

Comment author: dxu 13 April 2015 08:13:10PM 0 points

> It's 1 with 77 zeroes after it.

Not that I disagree with your general point, but... 77 isn't a multiple of 3.

Comment author: Nanashi 13 April 2015 08:18:02PM 1 point

Why does it need to be a multiple of 3?

(SHA-2 = 2^256 = 1*10^77)

Comment author: dxu 13 April 2015 08:22:49PM 3 points

You wrote that the odds were 1 in 1 quattuorvigintillion. I was under the impression that all "-illion"s have exponents that are multiples of 3.

Comment author: Nanashi 13 April 2015 08:25:26PM 3 points

Ahhhh. I misread the output on Wolfram Alpha. You're right. I'll leave it in the original post for posterity, but also for the record, it's actually 1 in 100 quattuorvigintillion.

(That's what I get for trying to be dramatic.)