From mboxrd@z Thu Jan 1 00:00:00 1970 From: erik quanstrom Date: Sat, 6 Feb 2010 23:47:30 -0500 To: 9fans@9fans.net Message-ID: <78b9710340a6345eac9f8690d306e1bb@brasstown.quanstro.net> In-Reply-To: References: <4B6DB95F.4090907@maht0x0r.net> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] In case anyone worries about block hash collision in venti Topicbox-Message-UUID: cf18dd16-ead5-11e9-9d60-3106f5b1d025 > Sorry, this is all bunk. You shouldn't be worried about > an accidental collision. You should be worried about > an intentional collision. Especially if your filesystem > stores data that is under the attackers control such as > email messages, web page caches, etc. So what you need > to analyze isn't how often an accidental collision happens > but how hard it is to create an intentional collision. > All the popular hash algorithms have been losing ground to > attackers lately. can you make this a little more concrete? i'm having trouble understanding how a email that an attacker controls is a problem. assuming the attacker can predict the headers add well enough, this implies that the attacker, given access to your venti, can retrieve an email said attacker sent. where's the problem? i don't see it yet. - erik