Re: md5 collisions and speeding tickets

From: John A. Malley (
Date: 08/12/05

Date: Fri, 12 Aug 2005 18:10:01 GMT

David Wagner wrote:
> sam wrote:
>>I think the defense could argue "Point 1: The police clearly believe that
>>it's necessary to use a hash to protect the integrity of photo's, hence
>>this feature is built into the system.
> I'm not convinced by that line of reasoning. It is good security
> practice to use belt and suspenders and defense in depth -- i.e.,
> to use extra security even where you're not aware of any need for it.
> Maybe they used a hash because it was cheap, and hey, why not? So I
> don't think the mere use of a hash is conclusive either way.
> I agree that the police would still have to demonstrate integrity,
> presumably in some other way. But I don't think we can say that just
> because the hash is insecure, that means we can skip the step of examining
> the system and jump straight to concluding that the evidence is unreliable.

Depends on how the questions are framed, I learned recently. That line of
reasoning can be used in a court room, and if not skillfully challenged by the
other side, can lead the court to that conclusion.

I served as an expert witness for the plaintiffs in a civil suit in US Federal
Court this month (first time.) The content and style of questioning limits what
an expert witness on any side can say to the court. Both sides joust for the
control of presented content. The judge and jury may end up with an incomplete
or erroneous understanding of the facts presented to them.

For example, one side's lawyers can ask yes-or-no questions of an expert witness
for the other side, and the judge can limit the expert to answering "yes" or
"no" without elaboration. THat kind of answer can spin a certain view of the
facts (emotional charging, sweeping scope) that "ain't necessarily so."

The other side's lawyers must keep track of this questioning and the potential
misunderstandings on the part of jury and judge. Their follow-up questions allow
the expert to elaborate on those blunt "yes" or "no" answers. The situation
clears up only as well as the follow-on questions allow.

The jury and judge can get a disjoint, herky-jerky flood of "facts" that they
need to reassemble into a cogent explanation. Hence the notepads and pencils for
the jury. :-)

John A. Malley

Don't be dumb, be a smarty! Come and join a Torture Party! Republican or 
Democratic, makes no difference, just as tragic!
"Spring Time for Git-mo and Ren-der-ings...Winter for your rights and mine..."

Relevant Pages

  • Re: md5 collisions and speeding tickets
    ... >> hash, not that a new message could be created with the same hash as an old ... Incompetent prosecution. ... the judge probably had no choice. ... How did the prosecution insure the picture was not ...
  • Re: [QUIZ] metakoans.rb (#67)
    ... i generally make a block the winner because it's bigger visually and harder to ... type - ergo one generally meant it if one typed it. ... whereas a hash is easy to ... judge your success by what you had to give up in order to get it. ...