Hashes are still relevant in the post quantum cryptography era:
https://media.defense.gov/2021/Aug/04/2002821837/-1/-1/1/Quantum_FAQs_20210804.PDF
What is the progress of research on quantum-resistant hash functions in terminal security?
https://www.tencentcloud.com/techpedia/123070
The problem of storing a drivers license using a one way cryptographic function is analogous to the problem of cached credentials for a window login, with all the drivers license fields being concatenated into single ‘password’ before hashing.
There is a Microsoft Windows roadmap for post quantum cryptography…..
The privacy issues remain even if the technical issues are solved…
Reflecting…
ID documents need to be used to be useful.
We can debate exactly which sites should have the ability to request ID, but some do…
As has been pointed out, the sites will enevitably be hacked and the ID put on the dark web.
So arguing social media cannot request ID because it will be hacked is misleading, because any effort to solve the problem of secure ID will apply to both essential sites and privacy invading sites.
This argument is different from the ‘nerd harder’ argument over end to end encryption, because there is no need for a backdoor or weakness in order for end to end encryption to work properly… to the contrary… any back door defeats the purpose of end to end cryptography.
Just curious… should Experian be on the list of organisations that have access to your drivers license?
https://www.twingate.com/blog/tips/experian-data-breach
For give my neive post….
I acknowledge your concerns about which sites should be able to require a governement ID and the slippery slope.
However, the need for ID verification beyond a Google or Facebook sign in remains. Even in the land of freedom (the USA) a drivers license (or some such ID is required to open a bank account, credit card, etc.
As you say, the hack by black hats is invevitable, and ID documents will end up on the dark web. It seems to me that we have a trade off…. The revokability of a digital ID verified by a third party provider that does not hold the original physical document (As in the AGIDS - Australian Government Digital Identification System) versus the privacy and vulnerability of a widely used physical ID. The AGDIS has many of the modern cryptographic features you alluded to, only lacking the post-quantum cryptography. For a revokable ID, it does not need to quantum cryptography yet, unlike stored secrets…. What alternative do you propose to deal with the large number of driver license numbers on the web? Changing everyone’s drivers license numbers every year? I respond without bile and acknowledge your privacy concerns, only raising a real world issue that will need to be dealt with at some time. I am sure there are people out there with better insights into these issues…
Not commenting on the validity of the reasons for age verification, but…
Couldn’t they just verify the government ID once, then take the key fields (name, birthday, address, license number, expiry date) then make a salted hash of the ID document? This would allow the verification to be retrospectively proved, but would be less useful to hackers… and would allow future verifications with less intrusive information (say a device-specific passkey)?
Also, this would be revokable, unlike biometrics….
An unresolved issue of law is whether art generated by AI violates the copyright of the artists whose work was used to train the model. IANAL, but it appears that there are two opposing precedents: In Ghostbusters vs Huewy Lewis (https://www.rollingstone.com/politics/politics-lists/songs-on-trial-12-landmark-music-copyright-cases-166396/) the court found that just using a similar style of music violated copyright, even though the notes are different. However in the visual arts (in this case) pastiche is exempted from the copyright laws. It will be interesting and have wide ranging effects depending on how this conflict of precedent is resolved.
This of course, ignores two other issues: 1) Can generative art be copyrighted? 2) Is the use of an artist's work to train a model a fair use like Google books, or does it affect the market value of the original work too much to be fair use?
BestNetTech has not posted any stories submitted by proofbycontradiction.
Hashes in the post quantum cryptography era
Hashes are still relevant in the post quantum cryptography era: https://media.defense.gov/2021/Aug/04/2002821837/-1/-1/1/Quantum_FAQs_20210804.PDF What is the progress of research on quantum-resistant hash functions in terminal security? https://www.tencentcloud.com/techpedia/123070 The problem of storing a drivers license using a one way cryptographic function is analogous to the problem of cached credentials for a window login, with all the drivers license fields being concatenated into single ‘password’ before hashing. There is a Microsoft Windows roadmap for post quantum cryptography….. The privacy issues remain even if the technical issues are solved…
ID documents need to be used to be useful
Reflecting… ID documents need to be used to be useful. We can debate exactly which sites should have the ability to request ID, but some do… As has been pointed out, the sites will enevitably be hacked and the ID put on the dark web. So arguing social media cannot request ID because it will be hacked is misleading, because any effort to solve the problem of secure ID will apply to both essential sites and privacy invading sites. This argument is different from the ‘nerd harder’ argument over end to end encryption, because there is no need for a backdoor or weakness in order for end to end encryption to work properly… to the contrary… any back door defeats the purpose of end to end cryptography.
Experian?
Just curious… should Experian be on the list of organisations that have access to your drivers license? https://www.twingate.com/blog/tips/experian-data-breach
The need for ID and revokability
For give my neive post…. I acknowledge your concerns about which sites should be able to require a governement ID and the slippery slope. However, the need for ID verification beyond a Google or Facebook sign in remains. Even in the land of freedom (the USA) a drivers license (or some such ID is required to open a bank account, credit card, etc. As you say, the hack by black hats is invevitable, and ID documents will end up on the dark web. It seems to me that we have a trade off…. The revokability of a digital ID verified by a third party provider that does not hold the original physical document (As in the AGIDS - Australian Government Digital Identification System) versus the privacy and vulnerability of a widely used physical ID. The AGDIS has many of the modern cryptographic features you alluded to, only lacking the post-quantum cryptography. For a revokable ID, it does not need to quantum cryptography yet, unlike stored secrets…. What alternative do you propose to deal with the large number of driver license numbers on the web? Changing everyone’s drivers license numbers every year? I respond without bile and acknowledge your privacy concerns, only raising a real world issue that will need to be dealt with at some time. I am sure there are people out there with better insights into these issues…
Hashed ID?
Not commenting on the validity of the reasons for age verification, but… Couldn’t they just verify the government ID once, then take the key fields (name, birthday, address, license number, expiry date) then make a salted hash of the ID document? This would allow the verification to be retrospectively proved, but would be less useful to hackers… and would allow future verifications with less intrusive information (say a device-specific passkey)? Also, this would be revokable, unlike biometrics….
Implications for chatGPT, stable diffusion
An unresolved issue of law is whether art generated by AI violates the copyright of the artists whose work was used to train the model. IANAL, but it appears that there are two opposing precedents: In Ghostbusters vs Huewy Lewis (https://www.rollingstone.com/politics/politics-lists/songs-on-trial-12-landmark-music-copyright-cases-166396/) the court found that just using a similar style of music violated copyright, even though the notes are different. However in the visual arts (in this case) pastiche is exempted from the copyright laws. It will be interesting and have wide ranging effects depending on how this conflict of precedent is resolved. This of course, ignores two other issues: 1) Can generative art be copyrighted? 2) Is the use of an artist's work to train a model a fair use like Google books, or does it affect the market value of the original work too much to be fair use?