Links to stuff on this blog

Use the Site Index of Projects page link above for an easier way to find stuff on my blog that you might be looking for!

Saturday, July 10, 2010

US Cyber Command Seal and the Secret Code (sorta)

Recently the United States Cyber Command made the news when they announced themselves to the world and unveiled their official seal. There is a write up in Wikipedia HERE that includes a picture of the seal and a description of who they are and what they are going to do. Usually news like this isn't something that I would write about in my blog but I thought I'd make an exception in this case because many friends have been asking me about specifically the "secret code" in the Cyber Command seal.
The hexadecimal code in the seal is what really made the headlines because it immediately got people to put on their tin foil hats and start talking about government conspiracies and hidden meanings. There was even a contest offering a prize to the first person to 'decode' it all. In one of the news stories the Commander of the Cyber command said that the code was an MD5 hash of the units mission statement but he seemed a bit vague about it and didn't come right out and explain why it's there or what it's meaning might be. He even indicated that it might not be the entire mission statement but only part of it, but which part? Obviously only the nefarious world domination part of course.
Click below to read more about the Cyber Seal!

Several people on the net, including some news agencies, tried to run the official mission statement of the unit through on line MD5 generators and at first it appeared that the output was not a match for the hexadecimal string on the seal.
To me it did look like a MD5 hash because it appeared to be a 32 character hexadecimal string and that is what you get from MD5 when you run it on some input data. I also thought it was an MD5 hash because that is what the unit commander said it was (rocket science I know). I went to the official government release of the Command and copied the mission statement by doing a 'copy' and 'paste' and generated an MD5 check sum and it matched what was in the seal. I then compared the news agencies versions of the mission statement (and there were a couple different ones) to the statement that I got from the government release and they were different. They were not a whole lot different but it only takes one character to be different to get a different hash value. It looks to me like the news agencies may have made a mistake when they copied it by adding an extra space between two of the words.
What I thought was odd was why the folks at the US Cyber Command would put a hash value of their mission statement in the official seal?
Cryptographic Hash Functions are like checksums for a piece of information or data. The idea is you can use a hash function to generate a 'hash value' of your data and that value is unique to the data that you hashed. Because it's "cryptographic" you are not supposed to be able to figure out what the data is by just looking at the hash value. That is really the only difference between a check sum and a hash value. Hash values are useful in cryptography for verification of data when you don't want to check every part of a large piece of data or don't want others to know what the data is but want them to check it. Also hash values, like checksums, are smaller than the data that you are checking so they are easier to store, sort through and save.
The usual example of where cryptographic hashes are used is in password databases. You might want to have users type in a password to a system to gain access, but you don't want to have a huge list of all the users passwords on file. If someone copied the password list or could access it they would have everyone's passwords (a bad thing). So what you can do is keep a list of the hashed values of every password and when someone types in their password you immediately hash it and compare it to the database of hashed passwords. If you find a match then the password is correct and you let them in. If someone gets access to the hashed password list it doesn't do them any good because if you are using a cryptographic hash function they can't figure out the passwords from the hashed values.

So in summary one of the main uses of hash functions is to verify that the data you are interested in is correct. They are especially useful for passwords, digital signatures and now for official government mission statements.

A side note: Cryptographic Hash Functions (like check sums) are not perfect and in the real world there are limitations with them. They are used for a lot of neat stuff but there is always a chance that they won't work. The Wikipedia links above have a lot of information about this.
Back to what a lot of people have been asking me:
"Why would the US Cyber Command put a hash value of their mission statement in their official seal?"
I don't know the answer to that question but after thinking about it maybe the governmental gobbledygook language the mission statement is written in has something to do with it:
USCYBERCOM plans, coordinates, integrates, synchronizes, and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

After all who could remember that? Now if they ever wonder if what they are doing is in line with the official mission they can easily go back and do a quick MD5 calculation to see if all is well. And now that the mission statement is hashed right into their official seal they can't change it.

No comments:

Post a Comment