Zorba the Hutt (zorbathut) wrote,

cryptography and verification

Computers have made document verification much, much harder.

Say I have an email from Joe, the owner of WidgetCo, that says "we'll provide 5000 widgets at a cost of $2 each." Say I don't like Joe. I can trivially go into my computer's database and change this email to read "we'll provide 10,000 widgets at a cost of $1 each." Joe, of course, will have his copy - but who's to say mine isn't the original, and his isn't the modified version?

Cryptography fixes some of this. There's a technique called "digital signatures". I can take the email and digitally sign it in a way that's trivially verifiable, but unforgeable, and Joe can do the same thing. Even better, we can sign the other person's signatures. If I later go and modify my email, the signatures break. I can, of course, re-sign it with my own key. But I can't force Joe to re-sign it, and when it gets to court and they discover that my version is signed by me, and Joe's version is signed by both of us, it's pretty obvious what happened.

Of course, I could potentially hack Joe's computer and sign my version with Joe's key. Sucks to be Joe.

Sometimes, however, you don't have two people involved. Sometimes you just have one person, who wants to write something and have it stamped by an authority. "This was written on June 5th, 2002." For copyright purposes, for example. Or for evidence trail purposes - you could stamp every email you receive or send, and then, when you need to prove that certain things went through your mailbox, you can.

There are limits to what this really proves, of course - it would really just say "this person had this information available at this time, and decided it was worth digitally signing". It doesn't prove that it was the email Joe originally sent to you (unless, of course, Joe signed it first). It just says "this information existed at this time".

It's also a bit hard to achieve. You can't just sign it with your key and the date written down. What would stop you from signing it with a different date? You could send it to a friend. I'm sure that will hold up well in court. "Yes, really! I had this information available! My good friend will vouch for me!" Really, you need to set it up so that total strangers will vouch for you.

So here's my idea. A publicly available webserver. Send it data (presumably there will be a size limit on this - if your file exceeds the limit, it's actually just as secure to sign the data yourself and send it your digital signature for it to sign) and it appends a date, signs the whole shebang, and returns the result to you. Every day, just for security's sake, it throws away its old private key and retains all its public keys forever. (The private key is the part that makes it possible to sign things. The public key is the part that makes it possible to verify things. This means that it could never again sign documents with that day's key, even if it was hacked later on - the data simply no longer exists.)

Even this isn't particularly secure. You might know the guy with the webserver. You might hack the server - if you do it before the private key is generated, you can just intercept the private key and copy it to your systems. Now you can sign things with *any* date! Luckily there's a fix to this.

Open-source it and encourage people to set up their own servers. Keep a list. Now if you want to sign data, you send it to a dozen, or two dozen, or a hundred servers. All run by different people. If one of those servers turns out to be compromised, who cares? It doesn't invalidate the rest of the signatures.

It looks like there's one out there right now - Stamper. There should be more, though. This isn't very secure yet.
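
The scheme described above, as an added Go sketch (not the author's code, and not Stamper's): each server signs a digest plus its own date with that day's key, and a verifier counts how many listed servers vouch for a document and date. The `Server` type, the server names, Ed25519, SHA-256 and the digest-then-date layout are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Server is a hypothetical stamping server: one private key per day, public keys kept forever.
type Server struct {
	Today string
	priv  ed25519.PrivateKey
	Pubs  map[string]ed25519.PublicKey // date -> that day's public key
}

// Rotate starts a new day; the previous day's private key is overwritten.
func (s *Server) Rotate(date string) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	s.Today, s.priv, s.Pubs[date] = date, priv, pub
}

// signed builds what the server signs: the fixed-length digest, then its date.
func signed(digest [32]byte, date string) []byte { return append(digest[:], date...) }

// Sign appends the server's own date to a client-supplied digest and signs both.
func (s *Server) Sign(d [32]byte) (string, []byte) { return s.Today, ed25519.Sign(s.priv, signed(d, s.Today)) }

// CountValid reports how many listed servers vouch that doc existed on date.
func CountValid(doc []byte, date string, sigs map[string][]byte, servers map[string]*Server) (n int) {
	for name, sig := range sigs {
		if s := servers[name]; s != nil && s.Pubs[date] != nil &&
			ed25519.Verify(s.Pubs[date], signed(sha256.Sum256(doc), date), sig) {
			n++
		}
	}
	return n
}

func main() { // constructed scenario: three servers stamp one email
	email, servers, sigs := []byte("5000 widgets at $2 each"), map[string]*Server{}, map[string][]byte{}
	for _, n := range []string{"s1", "s2", "s3"} {
		servers[n] = &Server{Pubs: map[string]ed25519.PublicKey{}}
		servers[n].Rotate("2002-06-05")
		_, sigs[n] = servers[n].Sign(sha256.Sum256(email))
	}
	fmt.Println(CountValid(email, "2002-06-05", sigs, servers)) // 3
}
```

Running it prints 3; a stamp that one compromised server makes for an altered email counts as 1 under the same check. A signature made after `Rotate` no longer verifies under the earlier date.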