On 2013-12-03 10:34 AM, Yuri D'Elia <[email protected]> wrote:
On 12/03/2013 04:16 PM, Tanstaafl wrote:
On 2013-11-21 8:11 AM, Yuri D'Elia <[email protected]> wrote:
Is computing a SHA1 and including it in the body good enough?

I guess that depends on whether or not it would be accepted as evidence
in court that the file downloaded from the link was the same file we would
then submit.

Any idea if a SHA1 would be good enough for that?

That depends on the country itself. I have no idea if that would be
"evidence" enough, given that any hash has collisions, and thus
constitutes no absolute proof.

True... but I guess I was asking in a roundabout way, what are the statistical chances of a collision with SHA1... but I guess a quick google could easily answer that (looks like it's very, very low):

http://stackoverflow.com/questions/1867191/probability-of-sha1-collisions

So, yes, that should be sufficient... :)

Because if you want cryptographical identity, you need to generate
something like a PGP file signature, not just a hash. And this is
definitely much more complicated.

All I'm looking for is something that could be used to prove in court
that the file we claim we sent is the one we sent.

Let's put it that way: what if the user happens to have a copy of the
file already, which is absolutely identical, but didn't download it from
you?

If it was indeed identical then we wouldn't be in court... ;)

So, now the question is, how easy would it be to add this hashing feature to the Thunderbird extension?

Thanks Yuri!

