From mboxrd@z Thu Jan 1 00:00:00 1970 From: erik quanstrom Date: Sun, 7 Feb 2010 12:44:52 -0500 To: 9fans@9fans.net Message-ID: <3dd5c634eddc6496085190a0e6de46a4@ladd.quanstro.net> In-Reply-To: References: <4B6DB95F.4090907@maht0x0r.net> <78b9710340a6345eac9f8690d306e1bb@brasstown.quanstro.net> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] In case anyone worries about block hash collision in venti Topicbox-Message-UUID: cf5cde4e-ead5-11e9-9d60-3106f5b1d025 > OK, lets assume that the attacker has the most powerful attack > against a hash available in which he can construct a garbage > block of data (perhaps with some control of its content) that > hashes to a value of his choosing. Now he predicts some data > that is likely to be written to your filesystem soon (say a > brand knew pull update that you havent pulled yet), makes > an email that has a data block in it that collides with that > block, sends that email to you. Your filesystem stores it. > Later you do a pull and venti notices that you don't have to > store one of the blocks because it already has a block stored > with that same hash. Now one of your files is corrupt. small problems with this: 1. the sender can't control email headers. many transfer agents add a random transfer-id which would confound this attack. 2. if the rcpt uses mbox format, the sender can't control how your message is fit into venti blocks. the sender would need to control the entire mail box. 3. http://en.wikipedia.org/wiki/SHA_hash_functions says that there have been no SHA1 collisions found. - erik