Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 Sep 2004 10:15:41 -0500
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        Giorgos Keramidas <keramida@linux.gr>
Cc:        freebsd-security@freebsd.org
Subject:   Re: compare-by-hash (was Re: sharing /etc/passwd)
Message-ID:  <20040928151541.GF23453@madman.celabo.org>
In-Reply-To: <20040928091405.GB1800@orion.daedalusnetworks.priv>
References:  <Pine.LNX.4.33.0111071900280.24824-100000@moroni.pp.asu.edu> <20011107211316.A7830@nomad.lets.net> <20040925140242.GB78219@gothmog.gr> <41575DFC.9020206@wadham.ox.ac.uk> <20040927091710.GC914@orion.daedalusnetworks.priv> <20040927095906.I79820@walter> <20040928091405.GB1800@orion.daedalusnetworks.priv>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Sep 28, 2004 at 12:14:05PM +0300, Giorgos Keramidas wrote:
> There is one difference between ``looking for collisions'' and being
> bitten by undetected collisions though.
> 
> If the probability of a collision just happening with random user data
> is 1/(2^128) we can't be sure that it will necessarily take the
> transfer of an average number of 2^127 blocks before a collision
> happens.  You might get one at the very first pair of blocks and then
> no collisions ever after until the Sun burns out.
> 
> Using two different hashes for the same set of input data, which David
> G. Andersen proposed, seems like a nice idea though.

If you buy the "logic" of the paper, this would not make much
difference.  After all, composing two hashes just gives you another
hash with a longer bit length.

This paper needs a lot more peer review, although I'm not sure that
many take it seriously enough to bother.

Cheers,
-- 
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040928151541.GF23453>