Hacker Read

lgas · 2017-05-10 06:30:32+00:00

What would be the benefit of signing content instead of hashes?

dozzie | karma 1448 | avg karma 0.5 · | 2017-05-10 12:57:03+00:00

The thing is, you are signing hash of a hash of data instead of simply hash of data.

AgentME | karma 4810 | avg karma 2.59 · | 2015-04-30 21:29:08+00:00

Don't most systems for signing files just sign the hash of the file anyway?

anc84 | karma 4227 | avg karma 4.7 · | 2018-12-20 14:17:19

Couldn't I simply cryptographically sign my content instead?

syrrim | karma 1534 | avg karma 2.15 · | 2020-12-14 23:33:37+00:00

Usually, signing the whole damn thing is too computationally expensive, so you sign a hash instead.

acdha | karma 35410 | avg karma 2.73 · | 2021-05-13 11:36:50+00:00

Don’t signatures get you the same benefit? I don’t need to trust you simply to sign something saying “user X showed me hash Y at time Z”.

brabel | karma 6486 | avg karma 2.62 · | 2023-05-25 05:36:30

Signing is basically hashing + proof of who created the hash. You need either both, or a way to find which hash is correct according to someone, usually the owner of the artifact, and signing gives you just that.

asdkhadsj | karma 1709 | avg karma 2.83 · | 2018-08-07 15:43:37+00:00

> Signed content hashes maybe?

Isn't signing and verification arguably just as complex as HTTPS? I'd argue ignore signing and verification entirely, and make it immutable.

That's why I like immutable designs like IPFS. No trust needed when viewing content, your client can verify the content is what you're requesting.

reply

zelphirkalt | karma 5047 | avg karma 1.94 · | 2022-07-15 09:18:55

Are cryptographically-signed hashes really necessary in this case (why?)? What would be the secret, which is used for signing?

AgentME | karma 4810 | avg karma 2.59 · | 2016-10-18 20:19:40

I might be wrong, but I'm pretty sure that in practice, whenever someone signs some content, they actually sign a hash instead of the entire content so that the signature is a sane size.

If you can create a hash collision between two pieces of content and then get someone to sign one of the pieces of content, then effectively you've gotten them to sign the other piece of content too without them knowing it. This happened a few years ago when SSL certificates still allowed MD5: http://www.zdnet.com/article/ssl-broken-hackers-create-rogue...

reply

ketralnis | karma 4203 | avg karma 4.16 · | 2015-04-30 20:13:03+00:00

It doesn't have to be a simple hash either. You could have the author/release engineer sign it and then use the signature instead. This somewhat mitigates simple hash collisions

CGamesPlay | karma 7032 | avg karma 4.12 · | 2020-07-04 02:42:10+00:00

What? The signing allows the content to be mirrored in other locations with guarantees about consistency. It doesn't imply anything more about the content than SSL does.

detaro | karma 40664 | avg karma 1.79 · | 2015-09-18 20:42:05+00:00

The point is that with a signature you wouldn't have to change all the pages including the resource, but just sign the updated resource with the same key.

czbond | karma 1682 | avg karma 1.22 · | 2022-12-06 09:01:08

Agree - the signing part doesn't, the suggestion is to use Web3/blockchain as a method for others to verify secondarily the hash is from the author.

It used to be email was unique, and public keys shared for verification. Author is suggesting by placing the hash of the content on chain, anyone can independently verify it. I think it is novel

reply

bheadmaster | karma 5076 | avg karma 3.53 · | 2023-03-03 04:56:43

The usual process of signing a bunch of data is to hash it and then encrypt it with public key encryption, so the hash function is as important as the public key encryption scheme.

If the hash is weak, an attacker may be able to construct compromised data that hashes to the same hash, and the whole signature becomes worthless.

reply

ninkendo | karma 6583 | avg karma 4.03 · | 2023-06-10 09:02:40

You could sign the content with the same CA architecture we already use to encrypt it, but leave it plain text (just a thought.)

A browser could render a similar security warning to what it already does, if the signature doesn’t match or if the hash is wrong.

reply

franky47 | karma 2249 | avg karma 4.16 · | 2023-03-03 06:54:08

Both ECDSA and EdDSA hash the message internally before signing. The only advantage of signing a pre-hash, other than convenience of computation (eg: if a streaming implementation of the internal pre-hash is not available) would be to allow checking integrity without authenticity, which makes little sense.

lxgr | karma 11963 | avg karma 2.2 · | 2024-06-22 19:52:52

Not sure about that exact scenario, but a digital signature scheme without a set of trusted keys/signers seems pretty useless: If it's about e.g. detecting tampering of large files, a hash function achieves the same result much more efficiently.

One thing it can be used for is continuity of authorship, though, I suppose: “v2 is by the same pseudonymous person that published v1”.

reply

jmah | karma 739 | avg karma 3.87 · | 2012-02-28 16:11:36

Indeed, looks like an extension of that to HTML and images. With the HTML is signed, then scripts just need to be hashed, not signed with your key.

empressplay | karma 4889 | avg karma 3.23 · | 2015-06-05 06:45:33+00:00

100% agree. If you want to ensure the integrity of content, then sign the content. If you want to protect people's interactions with websites when exchanging non-public data then use encryption when that's warranted. But credential-based encryption should never be used across sites or with public data because (as the poster notes) it just becomes another way in which broader interaction with the Internet can be tracked.

It's trading yet more liberty for just a little bit more security, and haven't we all done enough of that already?

reply