From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 19 Jan 1998 10:43:38 +0800
To: jya@pipeline.com
Subject: Re: let's do it: NYT ad with hash of fingerprints (fwd)
In-Reply-To: <1.5.4.32.19980119010440.0072a198@pop.pipeline.com>
Message-ID: <199801190206.CAA00340@server.eternity.org>
MIME-Version: 1.0
Content-Type: text/plain




John Young <jya@pipeline.com> writes:
> Jim Choate wrote:
> >This doesn't provide the same sort of protection the original full page ad
> >is supposed to provide. That full page ad will be accessible as a reference
> >a hundred years from now in just about every library in the country. The
> >link to a webpage won't be.

If the keys aren't easily obtainable, the hash of them is no use
either, so we are already relying on the availability of other text.

If the information was valued people would keep copies and mirrors.
They could for example post it to the eternity service if/when a
viable service is realised.

I viewed it more as a way to strengthen the web of trust rather than
an expensive long term paper based web server.

I think it would be ok for our purposes to omit a URL, firstly because
URLs don't always last that long, and secondly because we want to
reference the publication, but aren't really bothered about having the
application reference us.

> Printed ads are sometimes not archived as widely as news articles, due
> to the cost of reproduction, distribution and storage.
> 
> The same is true, though, of personals and other types of throwaways.

Oh.  Not so good.

> One possibility is to buy an ad on the NYT Front Page which is often
> sent as an image around the world separately from the full paper,
> and on which one can buy a tiny ad for about $800 for two lines of
> text 32 characters long (ID must be included). That's the rate for a
> one-timer.

Well theoretically we could go for 32 characters for a MD5 hash output
only.  SHA1 would be better at 40 characters.  (We could brute force a
hash length reduction and maybe claw back 4 characters at an expected
cost of 2^32 hash runs).

The printed hash could be the output of the hash function run on a
text document including the keys which we mirror in various places.
We can include any text we want to authenticate in this document,
keys, time stamp hash tree outputs, URLs, mailing list addresses,
whatever.

> Adam, could you reduce the requisite gob to fit 64 characters? Each extra
> line runs about $300.

We are at 40 characters for an SHA1 output, or maybe only 32
characters with a bit of brute-forcing.  

What do you mean that you must include ID?  Someone must give an email
address, or phone number?  Should be ok to fit one of those in the
remaining 24 - 32 chars.  Or a URL.  "jya.com" easy.

> However, bear in mind that a news article is cheaper and will be
> archived for eternity (until Asteroid Endall); cheaper, that is, if
> you can pukedrunk a reviler.

Doesn't sound news-worthy itself.

Adam