
Authentication.

Here's a hash of your post plus some salty stuff that only I know about, or at least that's what you think:

96ac1d2c0cdbc05e1ff1e40fe8a43f64e013e232

(it's actually a SHA1 of GNU date output, but whatever)

Now let's say your post starts appearing on reddit except it begins "I am like so totally getting the point here" and includes the hash 96ac1d2c0cdbc05e1ff1e40fe8a43f64e013e232.

I can act as oracle and verify that someone messed with the post I signed.

Sometimes having a little notary follow you around notarizing everything you type is no big deal. Sometimes of course it is.

The irony is that this whole debate relies on the theory that no one can generate those salty hashes but the almighty GOOG. I only glanced at the code in the post and I didn't see any charset translation games in his little permutation gadget. It might be something totally innocent like he needs to convert to UTF-8 or UCS-16 or UTF-32 or some bonkers thing like EBCDIC before the hash and that's it. In which case it's not much of a big deal, mostly.

Assuming honest and truthful actors on both sides, there's not much harm an oracle can do other than verifying an out of context quote, I guess. Of course honest and truthful actors are not universal, and the oracle itself might be a crook or partially crooked, partially honest.

The worst case is a partially crooked or partially secret oracle. "I VLM solemnly swear I shot JFK back in 1963" (and here's a correct hash using the GOOG algorithm of the statement). Well, superficially that proves I shot JFK, I mean a 3rd party properly notarized it and everything. The reality is all it proves is someone in the universe knows the signing algorithm and this is a properly signed message using that algorithm, which is not so impressive. The legal outcome can be a lot different between the superficial interpretation and reality. Even though JFK died more than a decade before I was born. If someone, like, say, a court, is dumb enough to trust the sig, then anyone who knows the algorithm is God over everyone else. Hope the smart guys aren't the bad guys...
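
The oracle idea described in the comment above, as an added example that is not part of the original thread. It assumes the "salty" hash is HMAC-SHA1 under a secret key; the key, the post texts and the function names are constructed for illustration. It shows that a tag detects alteration, that a valid tag only proves some key holder tagged the text, and that the byte encoding chosen before hashing changes the tag.

```python
import hashlib
import hmac

# Constructed key and posts for illustration; none of these values come from the thread.
ORACLE_KEY = b"constructed-secret-held-by-the-oracle"
ORIGINAL = "I think I am missing the point here"
ALTERED = "I am like so totally getting the point here"
NEVER_WRITTEN = "A statement the named author never wrote"


def notarize(post: str, key: bytes, encoding: str = "utf-8") -> str:
    """Keyed hash of the post. The byte encoding is part of the algorithm."""
    return hmac.new(key, post.encode(encoding), hashlib.sha1).hexdigest()


def oracle_verify(post: str, tag: str, key: bytes, encoding: str = "utf-8") -> bool:
    """Recompute the tag with the secret key and compare in constant time."""
    return hmac.compare_digest(notarize(post, key, encoding), tag)


def demo() -> dict:
    tag = notarize(ORIGINAL, ORACLE_KEY)
    # Anyone holding the key can tag any text, so the tag carries no authorship.
    key_holder_tag = notarize(NEVER_WRITTEN, ORACLE_KEY)
    # Someone without the key has to guess it; the oracle rejects the result.
    outsider_tag = notarize(ORIGINAL, b"constructed-wrong-guess")
    return {
        "original_verifies": oracle_verify(ORIGINAL, tag, ORACLE_KEY),
        "altered_verifies": oracle_verify(ALTERED, tag, ORACLE_KEY),
        "key_holder_tag_verifies": oracle_verify(NEVER_WRITTEN, key_holder_tag, ORACLE_KEY),
        "outsider_tag_verifies": oracle_verify(ORIGINAL, outsider_tag, ORACLE_KEY),
        # Same characters, different bytes: UTF-16 input yields a different tag.
        "encoding_changes_tag": notarize(ORIGINAL, ORACLE_KEY, "utf-16") != tag,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
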



Thanks for the explanation, that really did add the context that I was missing.



