From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: <3dd5c634eddc6496085190a0e6de46a4@ladd.quanstro.net> References: <4B6DB95F.4090907@maht0x0r.net> <78b9710340a6345eac9f8690d306e1bb@brasstown.quanstro.net> <3dd5c634eddc6496085190a0e6de46a4@ladd.quanstro.net> Date: Sun, 7 Feb 2010 12:12:50 -0700 Message-ID: <68eb39921002071112m10495cccp846c0251748510b9@mail.gmail.com> From: Don Bailey To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [9fans] In case anyone worries about block hash collision in venti Topicbox-Message-UUID: cf73f6e2-ead5-11e9-9d60-3106f5b1d025 The e-mail trick is just an example, but the scenario is still valid. Consider an alternative scenario where an attacker is able to upload files to your server (perhaps jpg, gif, etc) via a web application or FTP server. Or perhaps, if someone were able to contribute source or a tarball by uploading it to your server, this would be an issue. Also, if a Postfix/etc server is misconfigured (or one were to be set up by the attacker) they would have far more control of the SMTP headers than you may realize. This would give them the ability to reliably predict the rest of the headers stored on disk. Especially if they've been able to see the headers from an e-mail you've previously sent through the same network. D On Sun, Feb 7, 2010 at 10:44 AM, erik quanstrom wro= te: >> OK, lets assume that the attacker has the most powerful attack >> against a hash available in which he can construct a garbage >> block of data (perhaps with some control of its content) that >> hashes to a value of his choosing. =A0Now he predicts some data >> that is likely to be written to your filesystem soon (say a >> brand knew pull update that you havent pulled yet), makes >> an email that has a data block in it that collides with that >> block, sends that email to you. =A0Your filesystem stores it. >> Later you do a pull and venti notices that you don't have to >> store one of the blocks because it already has a block stored >> with that same hash. =A0Now one of your files is corrupt. > > small problems with this: > > 1. =A0the sender can't control email headers. =A0many > transfer agents add a random transfer-id which > would confound this attack. > > 2. =A0if the rcpt uses mbox format, the sender can't > control how your message is fit into venti blocks. > the sender would need to control the entire > mail box. > > 3. =A0http://en.wikipedia.org/wiki/SHA_hash_functions > says that there have been no SHA1 collisions found. > > - erik > >