From owner-freebsd-security@FreeBSD.ORG Tue Sep 28 09:14:14 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 70FAA16A4CE for ; Tue, 28 Sep 2004 09:14:14 +0000 (GMT) Received: from kane.otenet.gr (kane.otenet.gr [195.170.0.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F99743D2F for ; Tue, 28 Sep 2004 09:14:13 +0000 (GMT) (envelope-from keramida@linux.gr) Received: from orion.daedalusnetworks.priv (host5.bedc.ondsl.gr [62.103.39.229])i8S9E6d1005905; Tue, 28 Sep 2004 12:14:10 +0300 Received: from orion.daedalusnetworks.priv (orion [127.0.0.1]) i8S9E6RP001924; Tue, 28 Sep 2004 12:14:06 +0300 (EEST) (envelope-from keramida@linux.gr) Received: (from keramida@localhost)i8S9E5IS001923; Tue, 28 Sep 2004 12:14:05 +0300 (EEST) (envelope-from keramida@linux.gr) Date: Tue, 28 Sep 2004 12:14:05 +0300 From: Giorgos Keramidas To: Jason Stone Message-ID: <20040928091405.GB1800@orion.daedalusnetworks.priv> References: <20011107211316.A7830@nomad.lets.net> <20040925140242.GB78219@gothmog.gr> <41575DFC.9020206@wadham.ox.ac.uk> <20040927091710.GC914@orion.daedalusnetworks.priv> <20040927095906.I79820@walter> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040927095906.I79820@walter> cc: freebsd-security@freebsd.org Subject: Re: compare-by-hash (was Re: sharing /etc/passwd) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Sep 2004 09:14:14 -0000 On 2004-09-27 10:27, Jason Stone wrote: > > Henson notes that since there's no absolutely guaranteed proof that > > there are *no* collisions with a given hashing algorithm, > > true - quite the opposite, in fact - with a finite hash length and an > infinite number of inputs, you are guaranteed an infinite number of > collisions in any hashing algorithm - you're just going to have to spend > longer than the lifetime of the universe to find them.... There is one difference between ``looking for collisions'' and being bitten by undetected collisions though. If the probability of a collision just happening with random user data is 1/(2^128) we can't be sure that it will necessarily take the transfer of an average number of 2^127 blocks before a collision happens. You might get one at the very first pair of blocks and then no collisions ever after until the Sun burns out. Using two different hashes for the same set of input data, which David G. Andersen proposed, seems like a nice idea though. - Giorgos