At 06:12 PM 4/30/00 +0100, McBride, Brian wrote:
> > ... Are you aware of other symmetrical algorithms that are
> >more secure and have the same nice property? If security of the current
> >approach is insufficient, this property can be dropped.
>
>Aw hell, I'm the wrong person to ask. I'm not a crypto guy. Since you ask
>the question, I take it that the security of XOR as a digest aggregator
>function is an open question in your mind too.

I'm not a cryptographer, either, but...

It seems to me that the very property that makes XOR useful for computing
incremental digests makes it cryptographically weak; i.e. the capability to
selectively remove items from a digest, and add in others. If it's easy
for the originator of a document, why not also for a forger?

From past discussions, I also think there are two separate issues to be
considered here:

(a) providing a (probably) unique identifier for an RDF subgraph that is
independent of serialization syntax.

(b) providing a cryptographically secure digest of an RDF subgraph, which
seems a considerably stronger requirement than (a). IMO, there is no
reasonable way to use a reversible aggregator function for this
purpose. But as I have stated in an earlier message, I question the need
for a cryptographically secure digest.

As Brian has already demonstrated, the XOR aggregator is not sufficient
even for case (a). The immediately evident problem here is that (X XOR Y
XOR Y) == X, for all Y.

So how about using simple addition, modulo 2^n, as an aggregator?

#g

------------
Graham Klyne
(GK@ACM.ORG)

Received on Tuesday, 2 May 2000 07:38:47 GMT
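
Added example (not part of the original message or thread): a comparison of the XOR aggregator with addition modulo 2^n, showing the (X XOR Y XOR Y) == X cancellation and that both aggregators remain reversible. The use of SHA-256 as the per-statement hash, n = 256, the function names and the sample statements are all assumptions made for illustration.

```python
import hashlib

N_BITS = 256                      # assumed n for "modulo 2^n"
MASK = (1 << N_BITS) - 1

def item_hash(statement: str) -> int:
    """Per-statement digest as an integer (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(statement.encode("utf-8")).digest(), "big")

def xor_digest(statements) -> int:
    """Aggregate item hashes with XOR: order-independent, self-inverse."""
    acc = 0
    for s in statements:
        acc ^= item_hash(s)
    return acc

def add_digest(statements) -> int:
    """Aggregate item hashes with addition modulo 2^n: order-independent."""
    acc = 0
    for s in statements:
        acc = (acc + item_hash(s)) & MASK
    return acc

def xor_update(digest: int, removed=(), added=()) -> int:
    """Incremental update; with XOR, removing and adding are the same operation."""
    return digest ^ xor_digest(removed) ^ xor_digest(added)

def add_update(digest: int, removed=(), added=()) -> int:
    """Incremental update; still reversible, so anyone can subtract an item."""
    return (digest - add_digest(removed) + add_digest(added)) & MASK

# Constructed sample statements (not taken from the thread).
X = ['<doc> <author> "A"', '<doc> <title> "T"']
Y = '<doc> <status> "approved"'

def demo() -> dict:
    return {
        "order_independent": xor_digest(X) == xor_digest(X[::-1])
                             and add_digest(X) == add_digest(X[::-1]),
        # X XOR Y XOR Y == X: a statement included twice vanishes from the digest.
        "xor_pair_cancels": xor_digest(X + [Y, Y]) == xor_digest(X),
        # Addition keeps multiplicity: 2*h(Y) mod 2^n is nonzero for this Y.
        "add_pair_cancels": add_digest(X + [Y, Y]) == add_digest(X),
        "xor_incremental": xor_update(xor_digest(X + [Y]), removed=[Y]) == xor_digest(X),
        "add_incremental": add_update(add_digest(X + [Y]), removed=[Y]) == add_digest(X),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Addition fixes the duplicate-pair collision that affects case (a), but it keeps the reversibility discussed under case (b): whoever knows an item can remove it from the digest and add another.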