OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a t

[ Lists Home | Date Index | Thread Index ]

On Friday 31 May 2002 07:43, Uche Ogbuji wrote:
> I'm no crypto honcho either, but from my lay understanding, modern
> cryptographically strong hashing renders such approaches pretty much
> useless.   Knowing that the phrase "hello" appears somewhere in the
> plaintext has such an infinitesimal effect on the search space these days
> that you'd be better off dumpster diving.  Knowing all the XML tags used in
> the plaintext would also provide but infinitesimal advantage.
> As your reading illustrates, this wasn't always the case: SHA and MD5 are
> recent inventions.
> Now I'll shut up and wait for the crypto wizards to wake up and disabuse us
> all of our innumerate notions.

SHA and MD5 and hashing are not related to 'cryptography' in the sense of 
hiding information! No! No no no!

Hashing algorithms take an arbitrary sized block of bits and produce a 
(usually) fixed size number which is (ideally) going to be different if you 
try to change the input bits. This is used in tamper detection.

Cryptography, on the other hand, is about taking an arbitrary sized block of 
bits and mapping it to another, usually of the same size as the input (but 
sometimes bigger) in such a way that it can be reversed if you know a 
'secret' but that the secret is hard to devise.

If anyone's really interested in this stuff, then this book is the Bible of 
the field:




News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS