- From: Graham Klyne <GK@Dial.pipex.com>
- Date: Tue, 02 May 2000 08:02:52 +0100
- To: "McBride, Brian" <bwm@hplb.hpl.hp.com>
- Cc: www-rdf-interest@w3.org
At 06:12 PM 4/30/00 +0100, McBride, Brian wrote: > > ... Are you aware of other symmetrical algorithms that are > >more secure and have the same nice property? If security of the current > >approach is insufficient, this property can be dropped. > >Aw hell, I'm the wrong person to ask. I'm not a crypto guy. Since you ask >the >question, I take it that the security of XOR as a digest aggregator function >is an open question in your mind too. I'm not a cryptographer, either, but... It seems to me that the very property that makes XOR useful for computing incremental digests makes it cryptographically weak; i.e. the capability to selectively remove items from a digest, and add in others. If it's easy for the originator of a document, why not also for a forger? From past discussions, I also think there are two separate issues to be considered here: (a) providing a (probably) unique identifier for an RDF subgraph that is independent of serialization syntax. (b) providing a cryptographically secure digest of an RDF subgraph, which seems a considerably stronger requirement than (a). IMO, there is no reasonable way to use a reversible aggregator function for this purpose. But as I have stated in an earlier message, I question the need for a cryptographically secure digest. As Brian has already demonstrated, the XOR aggregator is not sufficient even for case (a). The immediately evident problem here is that (X XOR Y XOR Y) == X, for all Y. So how about using simple addition, modulo 2^n, as an aggregator? #g ------------ Graham Klyne (GK@ACM.ORG)
Received on Tuesday, 2 May 2000 07:38:47 UTC