Date: Tue, 28 Sep 2004 12:05:51 +0300 From: Giorgos Keramidas <keramida@linux.gr> To: Colin Percival <cperciva@wadham.ox.ac.uk> Cc: freebsd-security@freebsd.org Subject: Re: compare-by-hash (was Re: sharing /etc/passwd) Message-ID: <20040928090551.GA1800@orion.daedalusnetworks.priv> In-Reply-To: <41582024.2080205@wadham.ox.ac.uk> References: <Pine.LNX.4.33.0111071900280.24824-100000@moroni.pp.asu.edu> <20011107211316.A7830@nomad.lets.net> <20040925140242.GB78219@gothmog.gr> <41575DFC.9020206@wadham.ox.ac.uk> <20040927091710.GC914@orion.daedalusnetworks.priv> <41582024.2080205@wadham.ox.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2004-09-27 07:13, Colin Percival <cperciva@wadham.ox.ac.uk> wrote: > Giorgos Keramidas wrote: > >Increasing the number of bits the hash key uses will decrease the > >possibility of a collision but never eliminate it entirely, AFAICT. > > How small does a chance of error need to be before you're willing to > ignore it? That's a good question. I'm not sure I have a definitive answer, but the possibility of a collision is indeed scary. Especially since I haven't seen a study of the real probability of a collition is, given the fact that passwords aren't (normally) random binary data but a much smaller subset of the universe being hashed. > If an appropriately strong hash is used (eg, SHA1), then the probability > of obtaining an incorrect /etc/*pwd.db with a correct hash is much > smaller than the probability of a random incorrect password being > accepted. Remember, passwords are stored by their MD5 hashes, so a > random password has a 2^(-128) chance of working. I was probably being unreasonably paranoid about 'modified' passwords that don't get detected as modified, but what you describe is also true.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040928090551.GA1800>