by Neverbolt 3214 days ago
There are several misconceptions in this comment, first and foremost that SHA is encryption, which it is not. It is a hashing algorithm, not unlike MD5, though "stronger".

Secondly, when you have two files that are exactly the same and encrypt both with the same key, method and parameters, then both will have the same hash. (Though I could imagine Apple doing stuff with padding and other parameters to make this not happen.)

3 comments

Right... so for the authorities to "compare" the hash of an encrypted file with that of a known original, they would need to encrypt the original with the same private key used to encrypt the encrypted file. If they had that private key, wouldn't it be sufficient to unlock the drive? They wouldn't need his cooperation to decrypt the drive if they had a private key. So it seems like a catch-22 compelling him to decrypt the drive based on a hash collision.
Exactly, but the original quote doesn't say that they compared decrypted content with known hashes. It doesn't say anything about how they learned about the "content stored on the encrypted hard drive".

"Investigators said content stored on the encrypted hard drive matched file hashes for known child pornography content."

I read it like this: They figured out that the disk had some incriminating files, as I described in another comment of this thread. To make this work hashes are of no use, they need the original files. For various reasons they might not want to admit that they are in possession of the original files, hence the cryptic and vague phrasing.

If they're in possession of the original files they can just look at the files to see what they contain.
Sure. My point was more that they might possibly not want to openly admit that they are in the possession of the original files.

I'm sure law enforcement has lists with hashes of incriminating files, but I'm not sure if they are allowed to keep the original files. Even if they are, maybe they just want to avoid public discussion about it.

It's logically impossible for them to have the hashes of the files without having had the files at some point. If they no longer have the files, you might just as well take their word for it as to the content of the files as take their word for it what the hashes of the files are.
There could be a hash collision, which might be enough to provide reasonable doubt for a jury.
The chances of a hash collision are drastically lower than the false positive rate of a DNA test, and US courts have accepted the latter for a long time.
No, I mean if they have the image files, they can look at the images. It would be irrelevant what the image hashes to.
With the same key is a very important distinction there.
All modern encryption schemes inject randomness into the encryption process (via an initialization vector) so no, there is no way to check if two encrypted files are the same file. The investigators' claim doesn't make sense.
This. The padding changes as well. You have to work hard to produce the same ciphertext from a given plaintext.

The claim is bogus.
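
Added example, not part of the thread: a Python sketch of the point argued above, comparing hashes of ciphertext and of plaintext against a list of known file hashes. The cipher is a constructed stand-in (HMAC-SHA256 in counter mode, not any real disk-encryption scheme), and the key, nonce handling and file contents are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 16

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher for illustration only: HMAC-SHA256 in counter mode.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    # A fresh random nonce is drawn unless the caller pins one; it is prepended.
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def demo() -> dict:
    key = b"K" * 32                                   # constructed key
    known_file = b"constructed sample contents\n" * 4  # constructed "known" file
    known_hashes = {sha256_hex(known_file)}            # hash list of plaintext files
    pinned = b"\x00" * NONCE_LEN
    a, b = encrypt(key, known_file, pinned), encrypt(key, known_file, pinned)
    c, d = encrypt(key, known_file), encrypt(key, known_file)
    return {
        # Same key, method and parameters: identical ciphertext, identical hash.
        "same_key_same_nonce_match": sha256_hex(a) == sha256_hex(b),
        # Fresh nonce per encryption: ciphertexts (and their hashes) differ.
        "random_nonce_match": sha256_hex(c) == sha256_hex(d),
        # A plaintext hash list does not match the ciphertext...
        "ciphertext_in_known_hashes": sha256_hex(c) in known_hashes,
        # ...but does match once the holder of the key has decrypted it.
        "decrypted_in_known_hashes": sha256_hex(decrypt(key, c)) in known_hashes,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```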