On Wed, 2017-07-19 at 21:06 -0700, Kerim Aydin wrote: > If I had, most such documents would be nonsense and IRRELEVANT. If > I broke the Original, that would be enough to "convict" me, so any others > wouldn't matter. If I obeyed the Original, there would still be some very > low but nonzero chance (unknowable to me or anyone else) that I was still > guilty, if some other document existed that is an intelligible proscription > with the same hash and length. But I'd argue that the odds are so low > that it is below any standard of evidence to assume its existence.
Imagine documents of the form "post the string '…'", where the "…" is a string 64 characters long. If we assume a 256-character character set (which is kind-of implied by the way that SHA-1 is defined), then we have (2 to the power of 64×8) = (2 to the power of 512) possible documents meeting this description. (Some will be ambiguous due to mismatched quotes or the like, but the vast majority will unambiguously describe an action you're capable of taking.) On the other hand, there are 2 to the power of 160 possible SHA-1 hashes. As a result, we can estimate that there are likely around 2 to the power of 352 documents of this form that match the description in your pledge (together with, most likely, a much larger number of documents of other forms). The chance that you were still guilty in this hypothetical (where you agree to act according to every such document, rather than any such document) wouldn't be very low and nonzero; it would be so close to 1 that I'd feel confident finding you guilty as a judge or referee. The only plausible way in which you wouldn't be would be if there was some sort of mathematical flaw in SHA-1 that caused some hashes to be much less likely than others, and if your intended document somehow happened to hit this case. -- ais523
