Orthogonal Checksums?
Bob is storing a file for Alice. Once in a while Alice wants to check that Bob still has it. The first time, she can ask him to take the MD5 of the file. What about the second time? (A single MD5 he could just store).

I've looked it up in Schneier. There doesn't seem to be anything about this exact situation; will the following work?

Alice makes a 128-bit random string and asks Bob to take the MD5 of the file with her random string prepended. This is impossible for Bob to compute without the file. Right?

Alice, however, can precompute as many of these as she wants (as long as she keeps them secret) so she doesn't have to actually keep the file.

-fnerd

ps. MD5 of a file with a random string appended to the *end* *can* be computed after having discarded the file.

- - - - - - - - - - - - - - -
To auditors without the code, calls seem indistinguishable from noise. --George Gilder
FutureNerd Steve Witham says:
I've looked it up in Schneier. There doesn't seem to be anything about this exact situation; will the following work?
Alice makes a 128-bit random string and asks Bob to take the MD5 of the file with her random string prepended. This is impossible for Bob to compute without the file. Right?
Alice, however, can precompute as many of these as she wants (as long as she keeps them secret) so she doesn't have to actually keep the file.
Sounds like it should work. The one proviso that I would make is that if you want to have the hashes work for years, you have to accept the fact that MD5 will become weaker and weaker as years wear on. I trust it today, but I'm not sure it's good to trust it to last ten or fifteen years...

Perry
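The audit discussed in this thread, as an added example that is not code from either poster: Alice precomputes one-time (nonce, digest) pairs, and a Bob who kept only the running MD5 state passes the appended-nonce audit from the postscript but fails the prepended-nonce one. The class and function names and the sample file are constructed for illustration; MD5 is used only because the thread uses it.

```python
import hashlib
import hmac
import os

def precompute(file_bytes, count, prepend=True):
    """Alice, before deleting her copy: one (nonce, expected digest) pair per future audit."""
    pairs = []
    for _ in range(count):
        nonce = os.urandom(16)  # 128-bit random string, as in the post
        data = nonce + file_bytes if prepend else file_bytes + nonce
        pairs.append((nonce, hashlib.md5(data).digest()))
    return pairs  # kept secret; each pair is used once and then discarded

def verify(expected, response):
    return hmac.compare_digest(expected, response)

class HonestBob:
    """Keeps the whole file and hashes nonce || file on request."""
    def __init__(self, file_bytes):
        self.file = file_bytes
    def respond(self, nonce):
        return hashlib.md5(nonce + self.file).digest()

class StateOnlyBob:
    """Discards the file and keeps only the running MD5 state over it."""
    def __init__(self, file_bytes):
        self.state = hashlib.md5(file_bytes)  # fixed-size state, not the file
    def respond_appended(self, nonce):
        h = self.state.copy()   # resume hashing where the file ended
        h.update(nonce)
        return h.digest()       # equals MD5(file || nonce)
    def respond_prepended(self, nonce):
        # The nonce is hashed first, so the saved state is useless; the best
        # available guess mixes the nonce with the stored file digest.
        return hashlib.md5(nonce + self.state.digest()).digest()

def audit(pairs, respond):
    """Run every precomputed challenge once; True only if all responses match."""
    return all(verify(expected, respond(nonce)) for nonce, expected in pairs)

FILE = b"constructed sample file contents\n" * 1000  # constructed test data

if __name__ == "__main__":
    print("prepend, honest Bob:    ", audit(precompute(FILE, 3), HonestBob(FILE).respond))
    print("prepend, state-only Bob:", audit(precompute(FILE, 3), StateOnlyBob(FILE).respond_prepended))
    print("append,  state-only Bob:", audit(precompute(FILE, 3, prepend=False), StateOnlyBob(FILE).respond_appended))
```

Each pair is spent after one audit, so the number of pairs Alice precomputes bounds how many times she can check without fetching the file again.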
participants (2)
- fnerd@smds.com
- Perry E. Metzger