Pete's Log: checksum storage service
Entry #1746, (Coding, Hacking, & CS stuff)(posted when I was 33 years old.)
Does this make any sense at all?
Lately I've been pondering ... I dunno ... let's call it "private cloud infrastructure," since that sounds fancy. But what I've been thinking about is what sort of things I want to keep online and which of those things I want to make publicly accessible.
Since I have access to my own hosting and since my trust in companies such as Facebook has been decreasing of late, one thing that's important to me is solutions I can host on my own, so that I control the data. But while pondering such things, the following idea came to me:
What if there were some sort of service to which you can upload timestamped cryptographic hashes?
Would that be useful at all? Here's the scenario that first caused me to think of it: a smart phone app that uploads location data to a private web hosting service. This would allow you to track your own location over time without having to entrust that information to a third party. But what if you found yourself in a situation in which you needed to prove that you were (or were not) at a particular location? I'm not sure how reliable data that has been under your sole control will be as proof. But what if you had uploaded a hash of each dataset with a timestamp to some remote checksum storage service? Would that make the information more reliable?
Another use case I just thought of was if you are writing notes for some project and want to keep them private, but think you may need to use them in the future to prove prior art or something along those lines.
I am far from being an expert on cryptographic hashing, but as far as my understanding goes, good hash functions, such as SHA-2, have no known collision or preimage attacks. Maybe for good measure one could upload a public encryption key to the service when signing up and then upload the signatures for the data instead, but it is my understanding that in general a signature is generated by encrypting a hash of the data with the private key, so one is just as dependent on the hash function being cryptographically sound.
Anyway, I've googled a bit and not come up with any information about such a service existing. (The term "hash storage" was a particularly useless search term, since it only came up with information about how to store marijuana.)
So three questions to the internet:
- Is this feasible?
- Does it already exist?
- Would there be any demand for it?
It's not something I personally could imagine paying for. But maybe if it existed as some free trustworthy distributed cloud service, I might consider it.