Web of Trust itself is the problem

Robert J. Hansen rjh at sixdemonbag.org
Mon Jan 11 07:26:08 CET 2010


On 01/10/2010 10:57 PM, Faramir wrote:
>> * How hashes are misused and shouldn't be used
>   Ehh... I've never thought about it. How they should not be used?

I've seen computerized votes authenticated by MD5 hash... sent over
email... in the same message as the official vote record.  As in, "the
attachment has MD5 hash XXX, if your version hashes out to XXX then the
vote record is authenticated."  I just about had a heart attack.  The
voting authorities thought this was just fine, and a perfectly correct
use of hashes.

>> * Type I versus Type II error
>   I don't have any idea about this, can you please clarify it?

False positive versus false negative.

If there's a transmission error in the sigblock *but not in the source
text*, you can have a bad signature with a completely intact message.
Therefore, the fact a signature is bad doesn't automatically tell you
the message was tampered with.

If the message was altered somehow, the signature will be bad.  However,
if the signature is bad, that doesn't necessarily mean the message was
altered somehow.

A lot of people miss this point.  It's kind of important.

> I get your point. However, people should be considered innocent until
> proven guilty.

What should be true is a question for religion, philosophy and ethics.
Engineering is about asking what *is* true.



More information about the Gnupg-users mailing list