We do have zero-knowledge proofs, but AFAIK they do not use SHA1. http://en.wikipedia.org/wiki/Zero-knowledge_password_proof http://en.wikipedia.org/wiki/Zero-knowledge_proof http://en.wikipedia.org/wiki/Non-interactive_zero-knowledge_proof <-- Most likely what you want
--- If everybody is thinking alike, then somebody isn't thinking // Stupidity is a renewable resource On Wed, Feb 1, 2012 at 13:55, Harald Hanche-Olsen <[email protected]> wrote: > [William Whyte <[email protected]> (2012-02-01 12:32:05 UTC)] > >> > Alice discloses a 160-bit value h and claims that she (or >> parties/devices she >> > has access to) knows a message m with h=SHA-1(m). >> > >> > Can she convince Bob of her claim using some protocol, without letting >> Bob >> > find m, and without a third party or device that Bob trusts? > [...] > >> You can obviously prove it in the case where Alice claims she knows >> SHA-1(SHA-1(m)), which seems to be the same claim. > > I feel an anti-top-posting rant coming on, but I'll endeavour to clamp > down on it. Instead, let me ask if you have a different definition of > «obvious» than I do? Or if not, a sentence or two of explanation > should clear it up real quick. > > - Harald > > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
