
On Sep 21, 11:43 am, Bill Janssen <jans...@parc.com> wrote:

> CTO <debat...@gmail.com> wrote:
>
> I know it seems that way at first glance, but in fact they are strongly related. There's a reason all three (and nothing else) are exported through OpenSSL's EVP API.
>
> Bill
>
> > Don't get me wrong, I like the basic idea you're advancing, and in use hashes and crypto are frequently seen together,
>
> Yes, that's the relationship I was thinking of. But from a broader philosophical view, a ciphertext can be thought of as a hash of a plaintext, too. A reversible hash.

You really shouldn't conflate these things. The point of a hash is to ensure message integrity, while the point of encryption is to preserve secrecy. As an example, ElGamal is a common cryptosystem that nevertheless preserves the multiplicative homomorphism, i.e., E(m1) * E(m2) = E(m1*m2). Others, including unpadded RSA, will demonstrate similar properties. Under certain conditions, that can be desirable, but under many others it is very, very bad. Think of encrypting the value for a debit purchase: $100000 is just a public-key operation away from $10, but would be financially crippling to most people.

> > IMO, adding public key crypto routines to hashlib seems almost guaranteed to increase that confusion.
>
> Well, that could be. Perhaps the packaging "insight" I had wasn't inspired :-). I was thinking that from the crypto-ignorant point of view, they seem quite similar. A SHA256 hash can be seen as a digital "signature" (or I've heard it called a "fingerprint") of a sequence of bytes, just as with a public-key signature. Sure, what's going on is different, but from a utility point of view, it's much the same. This is why people post md5 checksums of downloadable packages -- it's a signature.

Also a very bad idea. Hashes ensure data integrity, not that it came from the person that you think it came from. As an example, if I took a message, MD5'd it (a bad idea anyway), and appended it to the end, an adversary could just man-in-the-middle the process and wind up changing both message and hash. To you, this would remain undetectable, and in your example would result in the adversary installing arbitrary code on your machine. A good public key signature system can help to prevent that, although even that has some nontrivial difficulties associated with it. My point here is not to scare you away from crypto; it's to point out that crypto is a big field, and the consequences for getting it wrong are sometimes very high.

Geremy Condra
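The two points made in the message above (that unpadded RSA satisfies E(m1) * E(m2) = E(m1*m2), so encryption alone says nothing about integrity, and that a hash appended to a message does not tell you who produced it) can both be checked in a few lines of Python. The following is an added example, not code from the thread or from hashlib; the RSA key is a toy built from tiny primes purely to make the arithmetic visible, and the "package" messages and key bytes are constructed. The keyed-tag half uses the standard library's hmac and hashlib modules.

```python
"""Added example (not part of the original thread).

1. Textbook (unpadded) RSA is multiplicatively homomorphic:
   E(m1) * E(m2) == E(m1 * m2) (mod n). A recipient decrypting a
   scaled ciphertext gets a scaled plaintext and cannot tell.
2. (message, SHA-256(message)) can be produced by anyone for any
   message, so a verifying pair proves integrity, not origin.
   A keyed MAC (HMAC-SHA256) does detect substitution by a party
   that does not hold the key.
"""
import hashlib
import hmac

# --- 1. textbook RSA with a constructed toy key (tiny primes, for illustration only) ---
P, Q = 61, 53                        # constructed toy primes
N = P * Q                            # 3233
E = 17                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # 2753, private exponent (Python >= 3.8)


def rsa_encrypt(m: int) -> int:
    """Unpadded RSA: c = m^e mod n (no padding, which is exactly the problem)."""
    return pow(m, E, N)


def rsa_decrypt(c: int) -> int:
    """m = c^d mod n."""
    return pow(c, D, N)


def homomorphism_holds(m1: int, m2: int) -> bool:
    """The property quoted in the thread: E(m1)*E(m2) == E(m1*m2) mod n."""
    return (rsa_encrypt(m1) * rsa_encrypt(m2)) % N == rsa_encrypt((m1 * m2) % N)


def decrypted_after_scaling(amount: int, factor: int) -> int:
    """What the recipient decrypts when the ciphertext of `amount` has been
    multiplied by E(factor): a plaintext that decrypts cleanly but is wrong.
    Nothing in the ciphertext lets the recipient notice; an integrity tag
    or a signature over the ciphertext is what would."""
    scaled = (rsa_encrypt(amount) * rsa_encrypt(factor)) % N
    return rsa_decrypt(scaled)


# --- 2. unkeyed hash versus keyed MAC ---
TAG_LEN = 32  # SHA-256 digest length in bytes


def sha256_tag(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()


def verify_hash(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sha256_tag(message), tag)


def hmac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), tag)


def unkeyed_pair_verifies(message: bytes) -> bool:
    """Anyone can build (message || SHA-256(message)) for a message of their
    choosing, so a verifying pair says nothing about who built it."""
    received = message + sha256_tag(message)
    msg, tag = received[:-TAG_LEN], received[-TAG_LEN:]
    return verify_hash(msg, tag)


def hmac_detects_substitution(key: bytes, original: bytes, replacement: bytes) -> bool:
    """Same substitution against a keyed tag. Without `key` the old tag is
    all that can be reused, and it no longer matches. Returns True if the
    receiver rejects the pair."""
    received = replacement + hmac_tag(key, original)
    msg, tag = received[:-TAG_LEN], received[-TAG_LEN:]
    return not verify_hmac(key, msg, tag)


if __name__ == "__main__":
    print("n =", N, "d =", D)
    print("E(10)*E(100) == E(1000):", homomorphism_holds(10, 100))
    print("recipient decrypts:", decrypted_after_scaling(10, 100))
    print("unkeyed (msg, hash) verifies for any msg:", unkeyed_pair_verifies(b"modified package"))
    print("HMAC rejects substituted msg:",
          hmac_detects_substitution(b"constructed-key", b"package", b"modified package"))
```

The first half is why "encrypt the amount" is not a protection against tampering: the ciphertext of 10 times the ciphertext of 100 decrypts to 1000 without anyone touching the private key. The second half is the download-checksum case from the thread: a SHA-256 posted next to a file only helps if the digest itself reaches you over a channel the modifier cannot also rewrite; a keyed tag, or a signature, is what ties the bytes to a party.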