From owner-freebsd-hackers@FreeBSD.ORG Mon Mar 7 13:07:03 2005
Return-Path:
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7557516A4CE for ; Mon, 7 Mar 2005 13:07:03 +0000 (GMT)
Received: from pd4mo3so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3446143D1F for ; Mon, 7 Mar 2005 13:07:03 +0000 (GMT) (envelope-from cperciva@freebsd.org)
Received: from pd5mr5so.prod.shaw.ca (pd5mr5so-qfe3.prod.shaw.ca [10.0.141.181]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0ICZ001DMGF9VS30@l-daemon> for hackers@freebsd.org; Mon, 07 Mar 2005 06:06:45 -0700 (MST)
Received: from pn2ml8so.prod.shaw.ca ([10.0.121.152]) by pd5mr5so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0ICZ00LP0GFAWLK0@pd5mr5so.prod.shaw.ca> for hackers@freebsd.org; Mon, 07 Mar 2005 06:06:46 -0700 (MST)
Received: from [192.168.0.60] (S0106006067227a4a.vc.shawcable.net [24.87.209.6]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with ESMTP id <0ICZ00332GF9RG@l-daemon> for hackers@freebsd.org; Mon, 07 Mar 2005 06:06:45 -0700 (MST)
Date: Mon, 07 Mar 2005 05:06:44 -0800
From: Colin Percival
In-reply-to: <20050306165321.GA24134@VARK.MIT.EDU>
To: David Schultz
Message-id: <422C51E4.6030104@freebsd.org>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 7bit
X-Accept-Language: en-us, en
X-Enigmail-Version: 0.90.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
References: <200503022348.j22Nm48I086259@marlena.vvi.at> <873bvcjw90.fsf@snark.piermont.com> <20050306165321.GA24134@VARK.MIT.EDU>
User-Agent: Mozilla Thunderbird 1.0 (X11/20050302)
cc: ALeine
cc: elric@imrryr.org
cc: "Perry E. Metzger"
cc: phk@phk.freebsd.dk
cc: hackers@freebsd.org
cc: tech-security@NetBSD.org
cc: ticso@cicely.de
Subject: Re: FUD about CGD and GBDE
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 07 Mar 2005 13:07:03 -0000

David Schultz wrote:
> As a rather extreme example, suppose that it was discovered that on
> random input, an MD5 output only has 70 bits of entropy. Then
> it might be relatively easy for an adversary to recover sector
> keys without knowing the master key. (Granted, this would
> constitute a much stronger break in MD5 than is currently known.)

I'm not going to even touch the rest of this thread, but it is clear
that MD5 has at least 100 bits of entropy, simply based on the lack of
collisions resulting from hashing random data. (If you generate 2^n
hashes randomly without finding a collision, then the hash must have at
least ~~ 2n bits of entropy, and organized attempts to crack MD5
generated at least 2^50 hashes before the algorithmic break was found.)

Colin Percival
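The birthday-bound reasoning in the reply above (2^n collision-free random hashes imply roughly 2n bits of output entropy), worked through as an added example that is not code from the original message or from the FreeBSD or NetBSD projects. It truncates MD5 to a small width (a constructed toy hash, so collisions show up in milliseconds), measures how many random inputs it takes to hit the first collision, compares that with the sqrt(pi/2 * 2^bits) birthday expectation, and then evaluates the two hypotheticals from the thread: the chance that 2^50 hashes would have collided if MD5 output carried only 70 bits of entropy versus the full 128.

```python
import hashlib
import math
import random


def truncated_md5(data: bytes, bits: int) -> int:
    """MD5 of `data` keeping only its top `bits` bits.

    Constructed toy hash for the demonstration: shrinking the output space
    makes birthday collisions observable in a short run. Real MD5 is 128 bits.
    """
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def samples_until_collision(bits: int, seed: int = 0) -> int:
    """Hash random 16-byte inputs (seeded PRNG so runs are repeatable) until
    two inputs share a truncated digest; return how many hashes were computed."""
    rng = random.Random(seed)
    seen = set()
    count = 0
    while True:
        data = rng.getrandbits(128).to_bytes(16, "big")
        count += 1
        h = truncated_md5(data, bits)
        if h in seen:
            return count
        seen.add(h)


def mean_samples_until_collision(bits: int, trials: int) -> float:
    """Average first-collision count over several independent seeds."""
    return sum(samples_until_collision(bits, seed) for seed in range(trials)) / trials


def expected_samples_until_collision(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) uniformly random samples are
    expected before the first collision among 2^bits equally likely outputs."""
    return math.sqrt(math.pi / 2 * 2.0 ** bits)


def collision_probability(bits: int, samples: int) -> float:
    """Probability of at least one collision among `samples` uniform draws from
    a space of 2^bits values: 1 - exp(-k(k-1) / (2 * 2^bits))."""
    return 1.0 - math.exp(-samples * (samples - 1) / (2.0 * 2.0 ** bits))


def entropy_lower_bound(log2_hashes: float) -> float:
    """The rule of thumb from the message: 2^n collision-free hashes put the
    output entropy at roughly 2n bits (the birthday bound run backwards)."""
    return 2 * log2_hashes


if __name__ == "__main__":
    # Empirical check on the toy hash: 12 output bits should collide after
    # about 80 samples on average.
    print("expected first collision (12-bit):", round(expected_samples_until_collision(12), 1))
    print("measured mean over 100 runs (12-bit):", round(mean_samples_until_collision(12, 100), 1))
    # The two hypotheticals from the thread, for the 2^50 hashes cited.
    print("P(collision | 70-bit entropy, 2^50 hashes): ", collision_probability(70, 2 ** 50))
    print("P(collision | 128-bit entropy, 2^50 hashes):", collision_probability(128, 2 ** 50))
    print("entropy lower bound from 2^50 collision-free hashes:", entropy_lower_bound(50), "bits")
```

With 2^50 hashes and only 70 bits of output entropy, the collision probability rounds to 1.0 (the exponent is about -2^29), so the absence of collisions in that much random hashing is what rules the 70-bit scenario out; at 128 bits the same workload gives a probability near 2^-29. The 2n figure is a rough bound rather than a sharp one: at exactly 100 bits, 2^50 samples still carry roughly a 39% chance of a collision, which is why the message frames it with a tilde.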