From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <71b6b74db8131bccd3adc8f671cd870b@quanstro.net> To: weigelt@metux.de, 9fans@cse.psu.edu Subject: Re: [9fans] thoughs about venti+fossil From: erik quanstrom Date: Sat, 8 Mar 2008 10:37:15 -0500 In-Reply-To: <20080308093705.GB1386@nibiru.local> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Cc: Content-Transfer-Encoding: quoted-printable Topicbox-Message-UUID: 73cd7ae0-ead3-11e9-9d60-3106f5b1d025 >> After this fact the colliding block is itself very interesting, >> aand it is also very likely that theis block will be stored and=20 >> archived just for this reason. >=20 > Which will increase the chance of a failure ;-O by how much? the fact that something *could* happen is often meaningless. what is lim{x->=E2=88=9E} 1+1/x? the =CE=B5=CE=B4 argument made to proove the result always says that if i control the input of a function this much i can control the output that much. in the real world there are limits (ha!) to how small or large something can get before it is practically infinite or zero. this is because, .e.g., there is no such thing as=20 1e24 bytes of storage. theoretically, i don't think a collision by itself would be all that interesting. the number of possible bit patterns in, say, 8k blocks would be 2^(8*8192). while the number of possible bit patterns in a sha1 hashs 2^(8*20). assuming an even distribution, there would be ceil(2^(8*8192)/2^(8*20) - 1) =3D 2^(8*8172) - 1 collisions on average per hash value. (that's ~1.37e4095, btw.) the only way a collision would be interesting is if it exposed a weakness in sha1. - erik