Hacker News new | ask | show | jobs
by chatmasta 3216 days ago
Right... so for the authorities to "compare" the hash of an encrypted file with that of a known original, they would need to encrypt the original with the same private key used to encrypt the encrypted file. If they had that private key, wouldn't it be sufficient to unlock the drive? They wouldn't need his cooperation to decrypt the drive if they had a private key. So it seems like a catch-22 compelling him to decrypt the drive based on a hash collision.
1 comments
weinzierl 3216 days ago
Exactly, but the original quote doesn't say that they compared decrypted content with known hashes. It doesn't say anything about how they learned about the "content stored on the encrypted hard drive".

"Investigators said content stored on the encrypted hard drive matched file hashes for known child pornography content."

I read it like this: They figured out that the disk had some incriminating files, as I described in another comment of this thread. To make this work hashes are of no use, they need the original files. For various reasons they might not want to admit that they are in possession of the original files, hence the cryptic and vague phrasing.

link
foldr 3216 days ago
If they're in possession of the original files they can just look at the files to see what they contain.
link
weinzierl 3216 days ago
Sure. My point was more that they might possibly not want to openly admit that they are in the possession of the original files.

I'm sure law enforcement has lists with hashes of incriminating files, but I'm not sure if they are allowed to keep the original files. Even if they are, maybe they just want to avoid public discussion about it.

link
foldr 3216 days ago
It's logically impossible for them to have the hashes of the files without having had the files at some point. If they no longer have the files, you might just as well take their word for it as to the content of the files as take their word for it what the hashes of the files are.
link
beisner 3216 days ago
There could be a hash collision, which might be enough to provide reasonable doubt for a jury.
link
johncolanduoni 3216 days ago
The chances of a hash collision are drastically lower than the false positive rate of a DNA test, and US courts have accepted the latter for a long time.
link
foldr 3216 days ago
No, I mean if they have the image files, they can look at the images. It would be irrelevant what the image hashes to.
link