Pardon the top-post, I'm on a retarded mobile client at the moment...

I wish the following were true. However, a current nsa.gov URL with a recent timestamp explicitly lists FIPS 180-4 hashes (SHA-n) as covered by the notification requirement.

I phrased my initial query to the list explicitly in the form of "what is the FIPS 180 notification requirement", not is there one, on purpose. See the ridiculous requirements I (tangentially) cited.

All cryptography has been treated as politically sensitive by the USG, even when it no longer makes sense for a given algorithm, for decades. In the current political climate in the US, does anyone want to be a test case for admittedly outdated regulatory compliance because of unrelated personal views or actions? I sure don't.

After last night's research session, I'm going to stick with sending in email notification for open source FIPS 180 code. This isn't the country it described in social studies and civics class anymore, at all, however once it may have lived up to that mythology.

Cheers,
David Mercer

David Mercer
Portland, OR

-----Original Message-----
From: Ray Dillinger <[email protected]>
Sender: [email protected]
Date: Tue, 03 Sep 2013 12:29:38
To: <[email protected]>
Subject: [Cryptography] Three kinds of hash: Two are still under ITAR.

On 09/03/2013 09:54 AM, [email protected] wrote:
> --Alexander Kilmov wrote:
>> --David Mercer wrote:
>>> 2) Is anyone aware of ITAR changes for SHA hashes in recent years
>>> that require more than the requisite notification email to NSA for
>>> download URL and authorship information? Figuring this one out last
>>> time around took looootttttttssssss of reading.
>
>> I used to believe that hashing (unlike encryption) was not considered
>> arms.

If I recall the most recent revision, the above requirement is true for keyed hashes (whether they are "signatures" with public-key crypto or "secret hashes" with private-key crypto) but not for "fingerprint" or unkeyed hashes like FIPS or SHA-XXX.

The distinction among the three types:

"Signature" hashes: Alice produces a "signature" hash using her private key.
Because her public key is common knowledge, everybody can tell that Alice (or at least someone with her private key) really did sign it.

"Secret" hashes: MIB or some similar group share knowledge of a secret key. A, a member of the group, produces a secret hash using that key, and when they check, every member from Bea to Zed knows that some member of the organization (or at least someone who has the secret key) did sign it. But even if the message and hash are public or in an insecure channel like email, nobody who doesn't have the key can prove a thing about the signer. Or at least, not from the signature itself. Server logs and "security" video surveillance of public terminals etc., are an entirely different thing. A would be worried about those if she had an official "identity" for someone to find.

"Fingerprint" hashes: Anybody can apply a fingerprint hash to something, and it proves nothing about who signed it because the hash is completely public knowledge and has no particular key. Anyone who applies a fingerprint hash to something will get exactly the same hash code for the same thing. The point of a fingerprint hash is that it is a fixed-length probably-unique identifier that can be checked in constant time. If the fingerprints of two documents are not equal, the documents are guaranteed to be dissimilar. If the documents are dissimilar, the signatures are *almost* guaranteed to be dissimilar. This is very useful for looking up documents in a hash table or tree, for example, using the fingerprint hash as a key.

Usually when cryptographers use the word "hash" they are talking about a fingerprint hash.

Bear

_______________________________________________
The cryptography mailing list
[email protected]
http://www.metzdowd.com/mailman/listinfo/cryptography
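
The difference between the "fingerprint" and "secret" hashes described in the message above, as an added example that is not part of the original thread. It assumes SHA-256 for the fingerprint and HMAC-SHA-256 for the keyed hash (the post names no construction); the keys and messages are constructed, and "signature" hashes are left out because they need a public-key library.

```python
import hashlib
import hmac

def fingerprint(data: bytes) -> str:
    """Unkeyed "fingerprint" hash: everyone gets the same digest for the same input."""
    return hashlib.sha256(data).hexdigest()

def verify_fingerprint(data: bytes, fp: str) -> bool:
    """Anyone can run this check; it needs no secret."""
    return hmac.compare_digest(fingerprint(data), fp)

def secret_hash(key: bytes, data: bytes) -> str:
    """Keyed "secret" hash; HMAC-SHA-256 is this example's assumed construction."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_secret_hash(key: bytes, data: bytes, tag: str) -> bool:
    """Recompute the tag with the shared key and compare in constant time."""
    return hmac.compare_digest(secret_hash(key, data), tag)

def index_by_fingerprint(docs):
    """Use the fingerprint as a lookup key; identical documents share one entry."""
    table = {}
    for doc in docs:
        table.setdefault(fingerprint(doc), doc)
    return table

# Constructed sample values, not taken from the thread.
GROUP_KEY = b"constructed-shared-group-key"
OUTSIDER_KEY = b"constructed-key-of-a-non-member"
MESSAGE = b"meet at the usual place"
ALTERED = b"meet at the other place"

def demo():
    tag = secret_hash(GROUP_KEY, MESSAGE)  # produced by a group member
    return {
        # A non-member alters the text and recomputes the public fingerprint.
        "altered_with_new_fingerprint": verify_fingerprint(ALTERED, fingerprint(ALTERED)),
        # A non-member reuses the genuine tag on the altered text.
        "altered_with_old_tag": verify_secret_hash(GROUP_KEY, ALTERED, tag),
        # A non-member tags the altered text under a key the group does not share.
        "altered_with_outsider_tag": verify_secret_hash(
            GROUP_KEY, ALTERED, secret_hash(OUTSIDER_KEY, ALTERED)),
        # Any member holding the key accepts the genuine pair.
        "genuine_with_group_tag": verify_secret_hash(GROUP_KEY, MESSAGE, tag),
        "distinct_documents": len(index_by_fingerprint([MESSAGE, ALTERED, MESSAGE])),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
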
