Date: Tue, 28 Sep 2004 02:39:49 -0700 From: Colin Percival <cperciva@wadham.ox.ac.uk> To: Giorgos Keramidas <keramida@linux.gr> Cc: freebsd-security@freebsd.org Subject: Re: compare-by-hash (was Re: sharing /etc/passwd) Message-ID: <41593165.10406@wadham.ox.ac.uk> In-Reply-To: <20040928091405.GB1800@orion.daedalusnetworks.priv> References: <Pine.LNX.4.33.0111071900280.24824-100000@moroni.pp.asu.edu> <20011107211316.A7830@nomad.lets.net> <20040925140242.GB78219@gothmog.gr> <41575DFC.9020206@wadham.ox.ac.uk> <20040927091710.GC914@orion.daedalusnetworks.priv> <20040927095906.I79820@walter> <20040928091405.GB1800@orion.daedalusnetworks.priv>
next in thread | previous in thread | raw e-mail | index | archive | help
Giorgos Keramidas wrote: > There is one difference between ``looking for collisions'' and being > bitten by undetected collisions though. True. But if the best known collision-finding algorithm takes f(p) operations in order to achieve a probability p of having found a collision, and you've performed less than f(p) operations, then either the chance of you being bitten by an undetected collision is less than p, or you've managed to improve upon the best-known collision-finding algorithm. For f(p) = 2^80 * sqrt(p), none of us are ever going to perform enough operations to make the chance of stumbling across a collision by accident a significant risk. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41593165.10406>