[ythn]

In my opinion, I don't think it's the number itself that's illegal, but the metadata that you attach to it.

"11234349387298245791029384857" may or may not be an illegal number. Nobody cares and mathematicians can use it to their heart's content. That is, until I attach the metadata to it: "This number is the AES key embedded in every YthnVideo Disc Player". Now it's illegal. Number = legal. Number + metadata = illegal.

At least, that's how it should be.

[pwinnski]

The tricky bit there is in how metadata may come to be attached. If there exists a list of web pages, each of which contains a single prime number, then that list is legal, yes?

If from a completely different domain, someone who has no relationship whatsoever to the maintainer of that first site creates a page explaining how DVD players contain AES keys and then links to one of the pages on the first page, from the perspective of a web user, that's number + metadata = illegal, right? And yet the number itself is legal. And the text by itself is legal. The combination is illegal, but the combination doesn't really exist.

Of course, the answer is probably that the text is illegal in the US, because the DMCA overrides the first amendment. Whether the text includes the number or a link to the number, it all interferes with the ability of a company to make money, so it's illegal.

[ythn]

> If from a completely different domain, someone who has no relationship whatsoever to the maintainer of that first site creates a page explaining how DVD players contain AES keys and then links

The link is the illegal metadata. It's fine to explain that DVD players use cryptographic keys. It's fine to explain how said keys work. It's fine to have a list of prime numbers on your website for fun. It's not okay to link the two together. The link itself is exactly the type of illegal metadata I'm talking about.

Any type of pointing, eyebrow wiggling, coughing, etc. providing people with metadata on why certain numbers have cryptographic significance for a particular product is not okay (in my opinion).

[mikeash]

That description can be embedded in the number. If you use ASCII it’ll be pretty obvious.

Encoding as a prime doesn’t impose any special requirements on the data. All you have to do is append a bit of junk to make the whole thing prime. The rest of it can be plain text or whatever.

[ythn]

> That description can be embedded in the number. If you use ASCII it’ll be pretty obvious.

In that case, the knowledge that information is encoded in that specific number and the drawing attention to that fact is the illegal metadata. In other words, numbers are just numbers - until you draw attention to specific numbers with metadata, that's when you cross the line.

If you make a website with a prominently displayed huge prime number with flashing lights and arrows, you've added illegal metadata that says "try decoding me" or "I am probably a cryptographic key to something"

[mikeash]

That seems like a pretty loose definition of “metadata.” And the number would be illegal no matter which medium you distribute it with. The mere act of distributing it (or just possessing it) is enough.

[ythn]

Large numbers can mean anything depending on how you interpret them. If you provide the means (metadata) to interpret a given large number as illegal information (state secret, crypto key, etc.), why shouldn't that be illegal?

[mikeash]

I'm not saying it shouldn't be illegal to provide the metadata needed to interpret a large number. I'm saying that lots of large numbers need no metadata to interpret them. For example, if you came across a number consisting of the raw text of this comment represented as ASCII and encoded with base 256, you'd easily be able to figure out what it said with no metadata at all. If this comment contained something illegal, then you'd easily be able to obtain that. Metadata isn't needed.

[ythn]

You'd still need to know that the number is a base 256 encoded string, and the chances you run across such a number in an innocent context (i.e. math publication) seems infinitesimal.

Someone who knowingly hosts a base-256 encoded secret should be held as accountable as if they had hosted the same information in picture form, morse code form, or plaintext.

[dorgo]

The metadata in this case is the ability to read english text.