9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed
From: Tim Newsham <newsham@lava.net>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] In case anyone worries about block hash collision in venti
Date: Sat,  6 Feb 2010 13:42:18 -1000	[thread overview]
Message-ID: <Pine.BSI.4.64.1002061338530.5454@malasada.lava.net> (raw)
In-Reply-To: <4B6DB95F.4090907@maht0x0r.net>

> http://www.c0t0d0s0.org/archives/6349-Perceived-Risk.html

Sorry, this is all bunk.  You shouldn't be worried about
an accidental collision.  You should be worried about
an intentional collision.  Especially if your filesystem
stores data that is under the attackers control such as
email messages, web page caches, etc.  So what you need
to analyze isn't how often an accidental collision happens
but how hard it is to create an intentional collision.
All the popular hash algorithms have been losing ground to
attackers lately.

The simple solution is to use a keyed hash rather than
an unkeyed one and keep the key secret from potential
attackers.

Tim Newsham | www.thenewsh.com/~newsham | thenewsh.blogspot.com



  reply	other threads:[~2010-02-06 23:42 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-02-06 18:47 maht
2010-02-06 23:42 ` Tim Newsham [this message]
2010-02-07  4:47   ` erik quanstrom
2010-02-07 16:54     ` Tim Newsham
2010-02-07 17:44       ` erik quanstrom
2010-02-07 19:12         ` Don Bailey
2010-02-07 19:24         ` Nathaniel W Filardo
2010-02-07 22:08           ` matt
2010-02-08 23:37             ` Nathaniel W Filardo
2010-02-09 13:13               ` hiro
2010-02-09 13:50                 ` ron minnich
2010-02-09 14:54                   ` erik quanstrom
2010-02-07 20:03         ` Tim Newsham
2010-02-08 21:58           ` Georg Lehner
2010-02-07 20:21   ` [9fans] In case anyone worries about block hash collision in Lyndon Nerenberg (VE6BBM/VE7TFX)
2010-02-07 20:31     ` erik quanstrom
2010-02-07 20:57       ` Lyndon Nerenberg (VE6BBM/VE7TFX)
2010-02-07 23:25         ` Akshat Kumar
2010-02-08  0:37           ` Russ Cox

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Pine.BSI.4.64.1002061338530.5454@malasada.lava.net \
    --to=newsham@lava.net \
    --cc=9fans@9fans.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).