[Python-ideas] adding digital signature and encryption "hashes" to hashlib?

CTO debatem1 at gmail.com
Mon Sep 21 22:46:29 CEST 2009



On Sep 21, 11:43 am, Bill Janssen <jans... at parc.com> wrote:
> CTO <debat... at gmail.com> wrote:
> > > I know it seems that way at first glance, but in fact they are strongly
> > > related.  There's a reason all three (and nothing else) are exported
> > > through OpenSSL's EVP API.
>
> > > Bill
>
> > Don't get me wrong, I like the basic idea you're advancing, and in
> > use hashes and crypto are frequently seen together,
>
> Yes, that's the relationship I was thinking of.  But from a broader
> philosophical view, a ciphertext can be thought of as a hash of a
> plaintext, too.  A reversible hash.

You really shouldn't conflate these things. The point of a hash is
to ensure message integrity, while the point of encryption is to
preserve secrecy. As an example, ElGamal is a common cryptosystem
that nevertheless preserves the multiplicative homomorphism, i.e.,
E(m1) * E(m2) = E(m1*m2). Others, including unpadded RSA, will
demonstrate similar properties. Under certain conditions, that
can be desirable, but under many others it is very, very bad.
Think of encrypting the value for a debit purchase- $100000 is
just a public-key operation away from $10, but would be
financially crippling to most people.

> > IMO, adding public key crypto routines to hashlib seems almost
> > guaranteed to increase that confusion.
>
> Well, that could be.  Perhaps the packaging "insight" I had wasn't
> inspired :-).  I was thinking that from the crypto-ignorant point of
> view, they seem quite similar.  A SHA256 hash can be seen as a digital
> "signature" (or I've heard it called a "fingerprint") of a sequence of
> bytes, just as with a public-key signature.  Sure, what's going on is
> different, but from a utility point of view, it's much the same.  This
> is why people post md5 checksums of downloadable packages -- it's a
> signature.

Also a very bad idea. Hashes ensure data integrity, not that it came
from the person that you think it came from. As an example, if I took
a message, MD5'd it (a bad idea anyway), and appended it to the end,
an adversary could just man-in-the-middle the process and wind up
changing both message and hash. To you, this would remain
undetectable, and in your example would result in the adversary
installing arbitrary code on your machine. A good public key
signature system can help to prevent that, although even that has
some nontrivial difficulties associated with it.

My point here is not to scare you away from crypto; it's to point out
that crypto is a big field, and the consequences for getting it wrong
are sometimes very high.

Geremy Condra
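The two points made in the message above, the multiplicative homomorphism of unpadded RSA and the difference between an appended hash and a signature, can be shown in a few lines. The following is an added example, not code from the thread or from hashlib; it uses a constructed toy RSA key (the primes 104729 and 104723, far too small for real use, and textbook RSA with no padding, which is exactly the setting the homomorphism applies to), and a constructed "package install" message. The signature helper reduces the SHA-256 digest modulo the toy modulus so that it fits; a real system would use a full-size key and PKCS#1 padding instead.

```python
import hashlib

# Constructed toy RSA keypair: tiny primes, textbook (unpadded) RSA.
# This is deliberately the scheme the message calls "unpadded RSA".
P, Q = 104729, 104723          # both prime; assumption for this demo only
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent (Python 3.8+)


def encrypt(m: int) -> int:
    """Public-key operation: anyone can do this."""
    return pow(m, E, N)


def decrypt(c: int) -> int:
    """Private-key operation: only the key holder can do this."""
    return pow(c, D, N)


def homomorphism_holds(m1: int, m2: int) -> bool:
    """E(m1) * E(m2) == E(m1 * m2) for unpadded RSA (all arithmetic mod N)."""
    return (encrypt(m1) * encrypt(m2)) % N == encrypt((m1 * m2) % N)


def scale_ciphertext(c: int, factor: int) -> int:
    """Multiply the hidden plaintext by `factor` using only the public key.

    This is the "$10 to $100000 is one public-key operation away" point:
    the party holding the ciphertext never learns the plaintext, yet can
    change it predictably. Padding (OAEP) is what breaks this property.
    """
    return (c * encrypt(factor)) % N


# --- appended hash vs. signature -------------------------------------------

ORIGINAL = b"install legit-1.0.tar.gz"     # constructed sample message
TAMPERED = b"install evil-1.0.tar.gz"      # constructed replacement


def append_digest(msg: bytes) -> bytes:
    """Message followed by its MD5, the 'checksum on the download page' style."""
    return msg + hashlib.md5(msg).digest()


def digest_checks_out(blob: bytes) -> bool:
    """Receiver recomputes MD5 over the message part and compares."""
    msg, tag = blob[:-16], blob[-16:]
    return hashlib.md5(msg).digest() == tag


def sign(msg: bytes) -> int:
    """Textbook RSA signature over SHA-256(msg), reduced mod N (toy only)."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    return pow(h, D, N)


def verify(msg: bytes, sig: int) -> bool:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    return pow(sig, E, N) == h


def tamper_passes_unkeyed_check() -> bool:
    """Man-in-the-middle swaps message AND hash; the receiver sees nothing wrong."""
    forged = append_digest(TAMPERED)       # no secret needed to do this
    return digest_checks_out(forged)


def tamper_passes_signature_check() -> bool:
    """Same swap against a signed message: the old signature no longer verifies,
    and a new one cannot be produced without D."""
    sig = sign(ORIGINAL)
    return verify(TAMPERED, sig)


if __name__ == "__main__":
    c = encrypt(10)
    print("homomorphism holds:", homomorphism_holds(10, 10000))
    print("scaled plaintext:", decrypt(scale_ciphertext(c, 10000)))
    print("appended MD5 accepts forgery:", tamper_passes_unkeyed_check())
    print("signature accepts forgery:", tamper_passes_signature_check())
```

Running it shows the homomorphism holding, the $10 ciphertext decrypting to 100000 after the public-key-only scaling, the appended-MD5 check accepting the swapped message, and the signature check rejecting it. The detection lesson is the one the message draws: a bare digest proves only that the bytes match the digest next to them, and only a keyed construction (here a signature) binds the message to a party.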


