- From: McBride, Brian <bwm@hplb.hpl.hp.com>
- Date: Sun, 30 Apr 2000 18:12:50 +0100
- To: www-rdf-interest@w3.org
>The algorithm was merely indented to illustrate the approach. Cool. > >Currently it is a XOR over all statement digests having advantage that >model digest can be easily recomputed dynamically when statements are >added/deleted. > I'm not a cryptographer, so I'm just going from general knowledge here. We are looking for a cryptographically strong digest function D of a set S, of digests of statements. So, by definition, D must be such that it is computationally infeasible to find two sets S1 and S2 such that: D(S1) = D(S2) The suggestion is that XOR is such a function. Effectively, the question is, given a stream of effectively random numbers, how hard is it to find two subsets which XOR'd together, result in the same value. My guess is that it is not crypto hard, but I've asked one of our crypto guys so hopefully will know for sure soon. > ... Are you aware of other symmetrical algorithms that are >more secure and have the same nice property? If security of the current >approach is insufficient, this property can be dropped. Aw hell, I'm the wrong person to ask. I'm not a crypto guy. Since you ask the question, I take it that the security of XOR as a digest aggregator function is an open question in your mind too. >I'm putting together another bunch of updates and will release another >version of the API soon. In that case, would it be timely to offer some feedback based on my implementation experience using the current one? I've been accumlating a few comments. Didn't want to send them to the list piecemeal and I'm not finished yet. But if now is a good time for you, I could write up what I've got. Brian McBride HPLabs
Received on Sunday, 30 April 2000 13:12:59 UTC